[Freeipa-devel] DN patch and documentation

Petr Viktorin pviktori at redhat.com
Fri Jul 27 12:24:42 UTC 2012 

On 07/26/2012 11:48 PM, John Dennis wrote:
> I have applied the suggested fixes, rebased against master, run all the
> unit tests successfully, built RPM's, did a full install without errors,
> and brought up the web UI successfully.
>
> The current code can be found here:
>
> git clone git://fedorapeople.org/~jdennis/freeipa.dn.git
> git checkout dn
>
> I did not squash the individual commits (but they should be before we
> apply to master).

Thank you!

> Please test (again).
>
> I continue to believe the greatest lurking liability is the installer
> code and the individual command line utilities (e.g. replica-manage,
> etc.) Aside from the server install I have not exercised those components.

Please test them, most of them just don't work. They're practically the 
only ones that use the old Entity & Entry, so related bugs won't show up 
unless you run the utilities.




ipa-ldap-updater still fails:

2012-07-27T10:21:05Z DEBUG Traceback (most recent call last):
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", 
line 112, in __upgrade
     self.modified = ld.update(self.files)
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 
879, in update
     updates = api.Backend.updateclient.update(POST_UPDATE, 
self.dm_password, self.ldapi, self.live_run)
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", 
line 134, in update
     if dn not in rdn_count_list[rdn_count]:
IndexError: list index out of range

The offending code is:
     rdn_count = len(DN(dn))
     rdn_count_list = dn_by_rdn_count.setdefault(rdn_count, [])
     if dn not in rdn_count_list[rdn_count]:
         rdn_count_list[rdn_count].append(dn)

rdn_count_list is dn_by_rdn_count[rdn_count]; indexing with rdn_count 
again is an error.

I find the variable names are a bit confusing here.




ipa-replica-prepare is also unusable:

$ sudo ipa-replica-prepare vm-125.$DOMAIN --ip-address $IP
Directory Manager (existing master) password:

Preparing replica for vm-125.idm.lab.bos.redhat.com from 
vm-134.idm.lab.bos.redhat.com
preparation of replica failed: '__getitem__'
'__getitem__'
   File "/sbin/ipa-replica-prepare", line 461, in <module>
     main()

   File "/sbin/ipa-replica-prepare", line 309, in main
     dirman_password)

   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", 
line 99, in enable_replication_version_checking
     conn.modify_s(entry[0].dn, [(ldap.MOD_REPLACE, 
'nsslapd-pluginenabled', 'on')])

   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 
143, in __getattr__
     return self.__dict__[name]

i.e. entry[0] tries to call entry.__getitem__.

I haven't tested any replica-related tools since I couldn't prepare a 
replica.




ipa-compliance still has the same error as before




ipa-managed-entries still fails:
   File 
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", 
line 607, in run_script
     return_value = main_function()

   File "install/tools/ipa-managed-entries", line 133, in main
     managed_entries = [entry.cn for entry in entries]

You need entry.data['cn'] instead.




I also get several errors in the DNS plugin test suite:

Traceback (most recent call last):
   File "/home/pviktori/freeipa/ipaserver/rpcserver.py", line 332, in 
wsgi_execute
     result = self.Command[name](*args, **options)
   File "/home/pviktori/freeipa/ipalib/frontend.py", line 435, in __call__
     ret = self.run(*args, **options)
   File "/home/pviktori/freeipa/ipalib/frontend.py", line 747, in run
     return self.execute(*args, **options)
   File "/home/pviktori/freeipa/ipalib/plugins/dns.py", line 2458, in 
execute
     result = super(dnsrecord_mod, self).execute(*keys, **options)
   File "/home/pviktori/freeipa/ipalib/plugins/baseldap.py", line 1351, 
in execute
     assert isinstance(dn, DN)
AssertionError

ipa: INFO: admin at IDM.LAB.BOS.REDHAT.COM: dnsrecord_mod(u'dnszone.test', 
u'testcnamerec', arecord=(u'10.0.0.1',), cnamerecord=None, rights=False, 
structured=False, all=False, raw=False, version=u'2.41'): AssertionError

This is a good catch; the dnsrecord_mod post_callback should return the 
DN, not None.


-- 
Petr³

More information about the Freeipa-devel mailing list