[Freeipa-devel] [PATCH 0126-0127] reset openldap client config to point to freshly promote replica

Martin Basti mbasti at redhat.com
Mon Feb 1 14:15:27 UTC 2016 


On 29.01.2016 18:06, Martin Basti wrote:
>
>
> On 29.01.2016 09:01, Martin Babinsky wrote:
>> On 01/20/2016 09:40 AM, Martin Babinsky wrote:
>>> On 01/14/2016 05:29 PM, Martin Babinsky wrote:
>>>> On 01/13/2016 05:59 PM, Rob Crittenden wrote:
>>>>> Martin Babinsky wrote:
>>>>>> fixes https://fedorahosted.org/freeipa/ticket/5584
>>>>>>
>>>>>> In order to ensure consistent behavior with ipa-client-install, I 
>>>>>> opted
>>>>>> to reuse the configure_openldap_conf() function and restoring the
>>>>>> config
>>>>>> from client sysrestore before modifying it.
>>>>>>
>>>>>> If you think this approach is not optimal please propose an 
>>>>>> alternative
>>>>>> solution.
>>>>>
>>>>> You could also just do an action set on URI to change the value, 
>>>>> right?
>>>>> It would need a new function but it would be very small.
>>>>>
>>>>> If you do end up keeping this I'd want a new commit message for 
>>>>> moving
>>>>> the code to include why you're moving it (to avoid the need to 
>>>>> deference
>>>>> the ticket).
>>>>>
>>>>> rob
>>>>>
>>>>
>>>> Here's the patch that implements the change in URI directive. Please
>>>> keep in mind that we not only have to change the URI to point to
>>>> ourselves, we also have to do it in a way consistent with
>>>> ipa-client-install, i.e. leave a comment with new URI if it was 
>>>> already
>>>> set by third party.
>>>>
>>>> Plain 'addifnotset' directive will not do, however, because then we 
>>>> end
>>>> up with two comments, one original, and one pointing to ourselves. 
>>>> Plain
>>>> 'set' may rewrite the URI set by user and thus we would have to 
>>>> test its
>>>> value anyway.
>>>>
>>>> The correct handling of these cases coupled with a way 
>>>> IPAChangeConf is
>>>> written results in a solution presented here.
>>>>
>>>> The fact that it is not much shorter than configure_openldap_conf 
>>>> and is
>>>> additionally pretty ugly (a fact at least partially caused by me not
>>>> being very fluent in IPAChangeConf usage) led me to the conclusion 
>>>> that
>>>> restoring original ldap.conf and reusing already wirrten code for
>>>> reediting it anew with replica as URI is actually not that bad idea.
>>>>
>>>>
>>>>
>>>
>>> Bump for review/discussion.
>>>
>> Another bump.
>>
> Works for me, ACK
>
Pushed to:
master: 23f5edb4be08b359c6acd8a18a5e23c3dd784136
ipa-4-3: c61bc48de6a75a948adad2032bd69d96007be444

More information about the Freeipa-devel mailing list