IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-20 11:48:43 -06:00
Code Issues Packages Projects Releases Wiki Activity

handle multiple managed suffixes

Browse Source 
trigger topology updaet if suffix entry is added
    trigger topology update if managedSuffix is modified in host entry

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Ludwig Krispenz 2015-08-06 16:40:52 +02:00 committed by Jan Cholasta
parent 80e11d2469
commit fcb9854dcb
10 changed files with 221 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
daemons/ipa-slapi-plugins/topology/topology.h
View File

@ -90,8 +90,10 @@ typedef struct topo_replica {
struct topo_replica *next;
Slapi_Mutex *repl_lock;
char *shared_config_base;
Slapi_DN *shared_config_sdn;
char *repl_root;
char *strip_attrs;
char *total_attrs;
char *repl_attrs;
TopoReplicaSegmentList *repl_segments;
TopoReplicaHost *hosts;
} TopoReplica;
@ -227,6 +229,10 @@ int ipa_topo_setup_gssapi_agmt(char *hostname, TopoReplica *repl_conf,
TopoReplicaAgmt *agmt);
void ipa_topo_queue_apply_shared_config(time_t event_time, void *arg);
int ipa_topo_apply_shared_config(void);
int ipa_topo_apply_shared_replica_config(TopoReplica *replica_config);
void ipa_topo_util_suffix_init(Slapi_Entry *config);
void ipa_topo_util_suffix_update(Slapi_Entry *config_post, Slapi_Entry *config_pre,
LDAPMod **mods);
int ipa_topo_setup_managed_servers(void);
int ipa_topo_util_start(int delay);
int ipa_topo_util_update_agmt_list(TopoReplica *repl_conf,
@ -274,10 +280,12 @@ int ipa_topo_util_agmt_is_marked(Slapi_Entry * repl_agmt);
char *ipa_topo_agmt_attr_is_managed(char *type, char *direction);
int ipa_topo_cfg_attr_is_restricted(char *type);
int ipa_topo_util_setup_servers(void);
void ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry);
void ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname);
char *ipa_topo_util_get_ldap_principal(char *repl_root, char *hostname);
void ipa_topo_util_disable_repl_for_principal(char *repl_root, char *principal);
void ipa_topo_util_add_host(Slapi_Entry *hostentry);
void ipa_topo_util_delete_host(Slapi_Entry *hostentry);
void ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods);
void ipa_topo_util_disable_repl_from_host(char *repl_root, char *delhost);
void ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost);
@ -293,6 +301,7 @@ TopoReplicaSegment *ipa_topo_util_segment_from_entry(TopoReplica *conf,
TopoReplicaSegment *ipa_topo_util_find_segment(TopoReplica *conf,
Slapi_Entry *entry);
TopoReplica *ipa_topo_util_conf_from_entry(Slapi_Entry *entry);
TopoReplica *ipa_topo_util_replica_init(Slapi_Entry *entry);
TopoReplica *ipa_topo_util_get_conf_for_segment(Slapi_Entry *segment_entry);
Slapi_Entry *ipa_topo_util_get_entry(char *dn);
int ipa_topo_util_modify(Slapi_DN *entrySDN, Slapi_Mods *smods);

12
daemons/ipa-slapi-plugins/topology/topology_agmt.c
View File

@ -228,20 +228,20 @@ ipa_topo_agmt_setup(char *hostname, TopoReplica *conf,
}
if (agmt->repl_attrs) {
slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList",agmt->repl_attrs);
} else {
slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList", REPL_ATTR_LIST);
} else if (conf->repl_attrs) {
slapi_entry_add_string(e, "nsDS5ReplicatedAttributeList",conf->repl_attrs);
}
if (agmt->strip_attrs) {
slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", agmt->strip_attrs);
} else {
slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", REPL_ATTR_STRIP);
} else if (conf->strip_attrs) {
slapi_entry_add_string(e, "nsds5ReplicaStripAttrs", conf->strip_attrs);
}
if (agmt->total_attrs) {
slapi_entry_add_string(e, "nsDS5ReplicatedAttributeListTotal",
agmt->total_attrs);
} else {
} else if (conf->total_attrs) {
slapi_entry_add_string(e, "nsDS5ReplicatedAttributeListTotal",
REPL_ATTR_LIST_TOTAL);
conf->total_attrs);
}
pb = slapi_pblock_new();

4
daemons/ipa-slapi-plugins/topology/topology_cfg.c
View File

@ -809,6 +809,9 @@ ipa_topo_cfg_replica_new(void)
topoRepl->next = NULL;
topoRepl->repl_segments = NULL;
topoRepl->repl_root = NULL;
topoRepl->strip_attrs = NULL;
topoRepl->total_attrs = NULL;
topoRepl->repl_attrs = NULL;
topoRepl->shared_config_base = NULL;
topoRepl->hosts = NULL;
topoRepl->repl_lock = slapi_new_mutex();
@ -851,7 +854,6 @@ ipa_topo_cfg_replica_free(TopoReplica *tconf)
slapi_destroy_mutex(tconf->repl_lock);
slapi_ch_free_string(&tconf->shared_config_base);
slapi_ch_free_string(&tconf->repl_root);
slapi_sdn_free(&tconf->shared_config_sdn);
seg = tconf->repl_segments;
while (seg) {
seg_next = seg->next;

24
daemons/ipa-slapi-plugins/topology/topology_init.c
View File

@ -13,7 +13,6 @@ static int ipa_topo_close(Slapi_PBlock * pb);
static int ipa_topo_preop_init(Slapi_PBlock *pb);
static int ipa_topo_postop_init(Slapi_PBlock *pb);
static int ipa_topo_internal_postop_init(Slapi_PBlock *pb);
static int ipa_topo_apply_shared_replica_config(char *replica_root);
static int ipa_topo_rootdse_init(Slapi_PBlock *pb);
static int ipa_topo_rootdse_search(Slapi_PBlock *pb, Slapi_Entry* e,
Slapi_Entry* entryAfter, int *returncode,
@ -147,6 +146,7 @@ ipa_topo_apply_shared_config(void)
int i = 0;
int rc = 0;
char **shared_replica_root = NULL;
TopoReplica *replica_config = NULL;
while (0 == ipa_topo_acquire_startup_inprogress()) {
DS_Sleep(1);
@ -154,7 +154,14 @@ ipa_topo_apply_shared_config(void)
shared_replica_root = ipa_topo_get_plugin_replica_root();
while (rc == 0 && shared_replica_root[i]) {
rc = ipa_topo_apply_shared_replica_config(shared_replica_root[i]);
/* get replica onfig entry from shared tree */
replica_config = ipa_topo_util_get_replica_conf(shared_replica_root[i]);
if (NULL == replica_config) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"cannot find replica entry for: %s\n", shared_replica_root[i]);
} else {
rc = ipa_topo_apply_shared_replica_config(replica_config);
}
i++;
}
/* initialize the list of managed servers */
@ -176,21 +183,16 @@ ipa_topo_apply_shared_config(void)
return (rc);
}
static int
ipa_topo_apply_shared_replica_config(char *replica_root)
int
ipa_topo_apply_shared_replica_config(TopoReplica *replica_config)
{
TopoReplica *replica_config = NULL;
TopoReplicaSegmentList *replica_segments = NULL;
int rc = 0;
/* step 1. get replica onfig entry from shared tree
* search replica entry for replcia root below shared config base
*/
replica_config = ipa_topo_util_get_replica_conf(replica_root);
if (replica_config) {
/* step 2. get all segments for the replica from the shared config */
/* get all segments for the replica from the shared config */
replica_segments = ipa_topo_util_get_replica_segments(replica_config);
/* step 3. get all replication agreements for replica root */
/* get all replication agreements for replica root */
rc = ipa_topo_util_update_agmt_list(replica_config, replica_segments);
}
return (rc);

13
daemons/ipa-slapi-plugins/topology/topology_post.c
View File

@ -64,6 +64,7 @@ ipa_topo_post_add(Slapi_PBlock *pb)
switch (entry_type) {
case TOPO_CONFIG_ENTRY:
/* initialize the shared topology data for a replica */
ipa_topo_util_suffix_init(add_entry);
break;
case TOPO_SEGMENT_ENTRY: {
TopoReplicaSegment *tsegm = NULL;
@ -103,7 +104,7 @@ ipa_topo_post_add(Slapi_PBlock *pb)
* a segment which so far was inactive since
* the host was not managed
*/
ipa_topo_util_update_segments_for_host(add_entry);
ipa_topo_util_add_host(add_entry);
break;
}
case TOPO_DOMLEVEL_ENTRY: {
@ -135,6 +136,7 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
int entry_type;
Slapi_Entry *mod_entry = NULL;
Slapi_Entry *pre_entry = NULL;
LDAPMod **mods;
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"--> ipa_topo_post_mod\n");
@ -142,6 +144,7 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
/* 1. get entry */
slapi_pblock_get(pb,SLAPI_ENTRY_POST_OP,&mod_entry);
slapi_pblock_get(pb,SLAPI_ENTRY_PRE_OP,&pre_entry);
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
if (mod_entry == NULL || pre_entry == NULL) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM, "no entry\n");
@ -158,9 +161,9 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
switch (entry_type) {
case TOPO_CONFIG_ENTRY:
ipa_topo_util_suffix_update(mod_entry, pre_entry, mods);
break;
case TOPO_SEGMENT_ENTRY: {
LDAPMod **mods;
TopoReplica *tconf = ipa_topo_util_get_conf_for_segment(mod_entry);
TopoReplicaSegment *tsegm = NULL;
if (tconf) tsegm = ipa_topo_util_find_segment(tconf, pre_entry);
@ -169,7 +172,6 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
"ipa_topo_post_mod - segment to be modified does not exist\n");
break;
}
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
ipa_topo_util_segment_update(tconf, tsegm, mods,ipa_topo_get_plugin_hostname());
ipa_topo_util_existing_agmts_update(tconf, tsegm, mods,
ipa_topo_get_plugin_hostname());
@ -191,7 +193,10 @@ ipa_topo_post_mod(Slapi_PBlock *pb)
slapi_ch_free_string(&domlevel);
break;
}
case TOPO_HOST_ENTRY:
case TOPO_HOST_ENTRY: {
ipa_topo_util_update_host(mod_entry, mods);
break;
}
case TOPO_IGNORE_ENTRY:
break;
}

54
daemons/ipa-slapi-plugins/topology/topology_pre.c
View File

@ -75,6 +75,34 @@ ipa_topo_is_agmt_attr_restricted(Slapi_PBlock *pb)
}
return rc;
}
int
ipa_topo_is_invalid_managed_suffix(Slapi_PBlock *pb)
{
LDAPMod **mods;
int i;
int rc = 0;
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
case LDAP_MOD_DELETE:
/* only deletion of specific valuses supported */
if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
rc = 1;
}
break;
case LDAP_MOD_ADD:
break;
case LDAP_MOD_REPLACE:
rc = 1;
break;
}
}
}
return rc;
}
int
ipa_topo_is_segm_attr_restricted(Slapi_PBlock *pb)
{
@ -373,6 +401,28 @@ ipa_topo_check_segment_updates(Slapi_PBlock *pb)
return rc;
}
int
ipa_topo_check_host_updates(Slapi_PBlock *pb)
{
int rc = 0;
Slapi_Entry *mod_entry;
char *pi;
/* we have to check if the operation is triggered by the
* topology plugin itself - allow it
*/
slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY,&pi);
if (pi && 0 == strcasecmp(pi, ipa_topo_get_plugin_id())) {
return 0;
}
slapi_pblock_get(pb,SLAPI_MODIFY_EXISTING_ENTRY,&mod_entry);
if (TOPO_HOST_ENTRY == ipa_topo_check_entry_type(mod_entry) &&
(ipa_topo_is_invalid_managed_suffix(pb))) {
rc = 1;
}
return rc;
}
int
ipa_topo_check_topology_disconnect(Slapi_PBlock *pb)
{
@ -502,6 +552,10 @@ ipa_topo_pre_mod(Slapi_PBlock *pb)
/* some updates to segments are not supported */
errtxt = slapi_ch_smprintf("Modification of connectivity and segment nodes "
" is not supported.\n");
} else if (ipa_topo_check_host_updates(pb)) {
/* some updates to segments are not supported */
errtxt = slapi_ch_smprintf("Modification of managed suffixes must explicitely "
" list suffix.\n");
}
if (errtxt) {
int rc = LDAP_UNWILLING_TO_PERFORM;

142
daemons/ipa-slapi-plugins/topology/topology_util.c
View File

@ -182,10 +182,7 @@ ipa_topo_util_get_replica_conf(char *repl_root)
"ipa_topo_util_get_replica_conf: "
"server configuration missing\n");
} else {
topoRepl = ipa_topo_cfg_replica_new();
topoRepl->shared_config_base =
slapi_ch_strdup(slapi_entry_get_dn_const(entries[0]));
topoRepl->repl_root = slapi_ch_strdup(repl_root);
topoRepl = ipa_topo_util_replica_init(entries[0]);
}
}
slapi_ch_free_string(&filter);
@ -424,6 +421,7 @@ ipa_topo_util_segm_from_agmt(Slapi_Entry *repl_agmt)
agmt->origin = slapi_ch_strdup(segment->from);
agmt->target = slapi_ch_strdup(segment->to);
agmt->rdn = slapi_entry_attr_get_charptr(repl_agmt, "cn");
agmt->repl_timeout = slapi_entry_attr_get_charptr(repl_agmt, "nsds5replicatimeout");
agmt->repl_root = slapi_entry_attr_get_charptr(repl_agmt, "nsds5replicaroot");
@ -456,6 +454,21 @@ ipa_topo_util_get_conf_for_segment(Slapi_Entry *segment_entry)
return tconf;
}
TopoReplica *
ipa_topo_util_replica_init(Slapi_Entry *conf)
{
TopoReplica *topoRepl = NULL;
topoRepl = ipa_topo_cfg_replica_new();
if (topoRepl) {
topoRepl->shared_config_base = slapi_ch_strdup(slapi_entry_get_dn_const(conf));
topoRepl->repl_root = slapi_entry_attr_get_charptr(conf,"ipaReplTopoConfRoot");
topoRepl->repl_attrs = slapi_entry_attr_get_charptr(conf, "nsDS5ReplicatedAttributeList");
topoRepl->strip_attrs = slapi_entry_attr_get_charptr(conf, "nsds5ReplicaStripAttrs");
topoRepl->total_attrs = slapi_entry_attr_get_charptr(conf, "nsDS5ReplicatedAttributeListTotal");
}
return topoRepl;
}
TopoReplica *
ipa_topo_util_conf_from_entry(Slapi_Entry *entry)
{
@ -1288,11 +1301,10 @@ ipa_topo_util_agmt_is_marked(Slapi_Entry *repl_agmt)
}
void
ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
ipa_topo_util_update_segments_for_host(TopoReplica *conf, char *hostname)
{
int rc = 0;
int nentries;
char* newhost = NULL;
Slapi_Entry **entries;
Slapi_Entry *repl_agmt;
Slapi_PBlock *pb = NULL;
@ -1302,11 +1314,10 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
* Since the host was not yet managed new segments ghave to be
* created
*/
newhost = slapi_entry_attr_get_charptr(hostentry,"cn");
pb = slapi_pblock_new();
filter = slapi_ch_smprintf("(&(objectclass=nsds5replicationagreement)(nsds5replicahost=%s))",
newhost);
filter = slapi_ch_smprintf("(&(objectclass=nsds5replicationagreement)(nsds5replicahost=%s)(nsds5replicaroot=%s))",
hostname, conf->repl_root);
slapi_search_internal_set_pb(pb, "cn=config", LDAP_SCOPE_SUB,
filter, NULL, 0, NULL, NULL,
ipa_topo_get_plugin_id(), 0);
@ -1317,15 +1328,15 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_update_segments_for_host: "
"no replication agreeements for host %s: error %d\n",
newhost, rc);
goto error_return;
hostname, rc);
return;
} else {
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
if (NULL == entries || NULL == entries[0]) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_update_segments_for_host: "
"no agrements found\n");
goto error_return;
return;
}
}
@ -1333,9 +1344,8 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
nentries = 0;
repl_agmt = entries[0];
while (repl_agmt) {
TopoReplica *conf = NULL;
TopoReplicaSegment *topo_segm;
char *repl_root = NULL;
TopoReplicaSegment *topo_segm = NULL;
TopoReplicaAgmt *topo_agmt = NULL;
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_update_segments_for_host: "
@ -1343,27 +1353,29 @@ ipa_topo_util_update_segments_for_host(Slapi_Entry *hostentry)
slapi_entry_get_dn_const(repl_agmt));
/* generate segment from agreement */
repl_root = slapi_entry_attr_get_charptr(repl_agmt,"nsds5replicaroot");
conf = ipa_topo_cfg_replica_find(repl_root,1);
if (conf == NULL) goto next_agmt;
topo_segm = ipa_topo_util_segm_from_agmt(repl_agmt);
rc = ipa_topo_util_segment_write(conf, topo_segm);
if (rc != 0) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_update_segments_for_host: "
"failed to write segment for host %s: error %d\n",
newhost, rc);
hostname, rc);
}
rc = ipa_topo_util_agmt_mark(conf, repl_agmt, topo_segm);
if (rc != 0) {
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_update_segments_for_host: "
"failed to mark agreement for host %s: error %d\n",
newhost, rc);
hostname, rc);
}
/* segment has been recreated and added during postp of segment_write
* but the correct agreement rdn was lost, set it now */
topo_agmt = ipa_topo_util_find_segment_agmt(conf->repl_segments,
ipa_topo_get_plugin_hostname(),
hostname);
if (topo_agmt) {
ipa_topo_util_set_agmt_rdn(topo_agmt, repl_agmt);
}
ipa_topo_cfg_segment_add(conf, topo_segm);
next_agmt:
slapi_ch_free_string(&repl_root);
repl_agmt = entries[++nentries];
}
@ -1371,9 +1383,6 @@ next_agmt:
slapi_free_search_results_internal(pb);
slapi_pblock_destroy(pb);
error_return:
slapi_ch_free_string(&newhost);
}
void
@ -1432,6 +1441,61 @@ ipa_topo_util_delete_segments_for_host(char *repl_root, char *delhost)
"ipa_topo_util_delete_segments_for_host <-- done\n");
}
void
ipa_topo_util_add_managed_host(char *suffix, char *addhost)
{
TopoReplica *conf = ipa_topo_cfg_replica_find(suffix,1);
if (conf) {
ipa_topo_util_update_segments_for_host(conf, addhost);
}
}
void
ipa_topo_util_add_host(Slapi_Entry *hostentry)
{
char* addhost = NULL;
char **suffixes = NULL;
int i=0;
addhost = slapi_entry_attr_get_charptr(hostentry,"cn");
suffixes = slapi_entry_attr_get_charray(hostentry,"ipaReplTopoManagedSuffix");
while (suffixes && suffixes[i]) {
ipa_topo_util_add_managed_host(suffixes[i], addhost);
i++;
}
slapi_ch_free_string(&addhost);
slapi_ch_array_free(suffixes);
}
void
ipa_topo_util_update_host(Slapi_Entry *hostentry, LDAPMod **mods)
{
char* modhost = NULL;
int i, j;
modhost = slapi_entry_attr_get_charptr(hostentry,"cn");
for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
if (0 == strcasecmp(mods[i]->mod_type, "ipaReplTopoManagedSuffix")) {
switch (mods[i]->mod_op & ~LDAP_MOD_BVALUES) {
case LDAP_MOD_DELETE:
/* preop check ensures we have valuses */
if (NULL == mods[i]->mod_bvalues || NULL == mods[i]->mod_bvalues[0]) {
}
break;
case LDAP_MOD_ADD:
for (j = 0; mods[i]->mod_bvalues[j] != NULL; j++) {
ipa_topo_util_add_managed_host(mods[i]->mod_bvalues[j]->bv_val, modhost);
}
break;
case LDAP_MOD_REPLACE:
break;
}
}
}
slapi_ch_free_string(&modhost);
}
void
ipa_topo_util_delete_host(Slapi_Entry *hostentry)
{
@ -1673,3 +1737,29 @@ ipa_topo_util_reset_init(char *repl_root)
slapi_mods_free(&smods);
}
}
void
ipa_topo_util_suffix_init(Slapi_Entry *config_entry)
{
int rc = 0;
TopoReplica *topoRepl = NULL;
char *repl_suffix = slapi_entry_attr_get_charptr(config_entry,"ipaReplTopoConfRoot");
if (repl_suffix) {
topoRepl = ipa_topo_util_replica_init(config_entry);
if (topoRepl) {
rc = ipa_topo_cfg_replica_add(topoRepl);
rc = ipa_topo_apply_shared_replica_config(topoRepl);
if (rc)
slapi_log_error(SLAPI_LOG_PLUGIN, IPA_TOPO_PLUGIN_SUBSYSTEM,
"ipa_topo_util_suffix_init: failed to init suffix %s\n", repl_suffix);
}
}
slapi_ch_free_string(&repl_suffix);
}
void
ipa_topo_util_suffix_update(Slapi_Entry *config_post, Slapi_Entry *config_pre,
LDAPMod **mods)
{
}

2
install/share/70topology.ldif
View File

@ -9,7 +9,7 @@ attributetypes: ( 2.16.840.1.113730.3.8.20.2.5 NAME 'ipaReplTopoSegmentStatus' D
attributetypes: ( 2.16.840.1.113730.3.8.20.2.6 NAME 'ipaReplTopoSegmentGenerated' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
attributetypes: ( 2.16.840.1.113730.3.8.20.2.7 NAME 'ipaReplTopoManagedAgreementState' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
attributetypes: ( 2.16.840.1.113730.3.8.20.2.8 NAME 'ipaReplTopoManagedSuffix' DESC 'IPA defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'FreeIPA' )
objectclasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( cn $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal ) X-ORIGIN 'Free IPA' )
objectclasses: ( 2.16.840.1.113730.3.8.20.1.1 NAME 'ipaReplTopoConf' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ipaReplTopoConfRoot MAY ( cn $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5ReplicaStripAttrs) X-ORIGIN 'Free IPA' )
objectclasses: ( 2.16.840.1.113730.3.8.20.1.2 NAME 'ipaReplTopoSegment' DESC 'IPA defined objectclass' SUP top STRUCTURAL MUST ( ipaReplTopoSegmentDirection $ ipaReplTopoSegmentLeftNode $ ipaReplTopoSegmentRightNode) MAY ( cn $ ipaReplTopoSegmentStatus $ ipaReplTopoSegmentGenerated $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsds5BeginReplicaRefresh $ description $ nsds5replicaTimeout $ nsds5ReplicaEnabled $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X-ORIGIN 'Free IPA' )
objectclasses: ( 2.16.840.1.113730.3.8.20.1.3 NAME 'ipaReplTopoManagedAgreement' DESC 'marker objectclass for managed replication agreements' SUP top AUXILIARY MAY ( ipaReplTopoManagedAgreementState ) X-ORIGIN 'Free IPA' )
objectclasses: ( 2.16.840.1.113730.3.8.20.1.4 NAME 'ipaReplTopoManagedServer' DESC 'part of managed replication topology' SUP top AUXILIARY MAY ( ipaReplTopoManagedSuffix ) X-ORIGIN 'Free IPA' )

3
install/share/topology-entries.ldif
View File

@ -10,4 +10,7 @@ changetype: add
objectclass: top
objectclass: iparepltopoconf
ipaReplTopoConfRoot: $SUFFIX
nsDS5ReplicatedAttributeList: $EXCLUDES
nsDS5ReplicatedAttributeListTotal: $TOTAL_EXCLUDES
nsds5ReplicaStripAttrs: $STRIP_ATTRS
cn: realm

5
ipaserver/install/dsinstance.py
View File

@ -484,6 +484,11 @@ class DsInstance(service.Service):
DOMAIN_LEVEL=self.domainlevel,
MAX_DOMAIN_LEVEL=constants.MAX_DOMAIN_LEVEL,
MIN_DOMAIN_LEVEL=constants.MIN_DOMAIN_LEVEL,
STRIP_ATTRS=" ".join(replication.STRIP_ATTRS),
EXCLUDES='(objectclass=*) $ EXCLUDE ' +
' '.join(replication.EXCLUDES),
TOTAL_EXCLUDES='(objectclass=*) $ EXCLUDE ' +
' '.join(replication.TOTAL_EXCLUDES),
)
def __create_instance(self):