<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 06/24/2015 01:59 PM, Oleg Fayans
wrote:<br>
</div>
<blockquote cite="mid:558A9B8F.3080509@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi Petr,<br>
<br>
Thanks for clarification! It seems though, that all possible
attributes are already mapped to the topologysegment-mod options:<br>
<br>
<small>[13:42:45]ofayans@vm-244:~]$ ipa show-mappings
topologysegment-mod<br>
Parameter : LDAP attribute<br>
========= : ==============<br>
stripattrs : nsds5replicastripattrs<br>
replattrs : nsds5replicatedattributelist<br>
replattrstotal : nsds5replicatedattributelisttotal<br>
timeout : nsds5replicatimeout<br>
enabled : nsds5replicaenabled<br>
rights : rights<br>
[13:47:41]ofayans@vm-244:~]$ ipa help topologysegment-mod<br>
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX
NAME [options]<br>
<br>
Modify a segment.<br>
Options:<br>
-h, --help show this help message and exit<br>
--stripattrs=STR A space separated list of attributes
which are removed<br>
from replication updates.<br>
--replattrs=STR Attributes that are not replicated to a
consumer<br>
server during a fractional update. E.g.,<br>
`(objectclass=*) $ EXCLUDE
accountlockout memberof<br>
--replattrstotal=STR Attributes that are not replicated to a
consumer<br>
server during a total update. E.g.
(objectclass=*) $<br>
EXCLUDE accountlockout<br>
--timeout=INT Number of seconds outbound LDAP
operations waits for a<br>
response from the remote replica before
timing out and<br>
failing<br>
--enabled=['on', 'off']<br>
Whether a replication agreement is
active, meaning<br>
whether replication is occurring per
that agreement<br>
--setattr=STR Set an attribute to a name/value pair.
Format is<br>
attr=value. For multi-valued attributes,
the command<br>
replaces the values already present.<br>
--addattr=STR Add an attribute/value pair. Format is
attr=value. The<br>
attribute must be part of the schema.<br>
--delattr=STR Delete an attribute/value pair. The
option will be<br>
evaluated last, after all sets and adds.<br>
--rights Display the access rights of this entry
(requires<br>
--all). See ipa man page for details.<br>
--all Retrieve and print all attributes from
the server.<br>
Affects command output.<br>
--raw Print entries as stored on the server.
Only affects<br>
output format.<br>
</small><br>
So, setattr, addattr and delattr should, I think, be explained in
the design document, with example usage.<br>
<br>
Another question that I have: <br>
In order to test topologysegment-reinitialize, I need to set the
replica timeout to, say, 1, then turn this replica off, then make
some changes on master and turn on the replica? I mean, my goal is
to make master to give up attempts to synchronize with replica, is
that correct?<br>
</blockquote>
I don't see why you want to do all these steps, initialize means
that the database of B is overwritten by the database of A, so you
could check that the content is the same. But to simulate a
situation where init is required is not so easy, if you turn the
replica on again, the changes could be normally replicated before
you start the init<br>
<blockquote cite="mid:558A9B8F.3080509@redhat.com" type="cite"> <br>
<div class="moz-cite-prefix">On 06/24/2015 12:28 PM, Petr Vobornik
wrote:<br>
</div>
<blockquote cite="mid:558A8640.6020905@redhat.com" type="cite">On
06/24/2015 12:19 PM, Oleg Fayans wrote: <br>
<blockquote type="cite">Hi Ludwig, <br>
<br>
I see some contradictions in the way the segment modification
cli is <br>
implemented: <br>
<br>
1. <br>
$ ipa help topologysegment-mod <br>
Usage: ipa [global-options] topologysegment-mod TOPOLOGYSUFFIX
NAME <br>
[options] <br>
<br>
$ ipa topologysegment-mod realm 127-to-244 --setattr=Segment
name=test <br>
ipa: ERROR: command 'topologysegment_mod' takes at most 2
arguments <br>
<br>
(suffix + name + options = 3, not 2) <br>
</blockquote>
<br>
'Segment name' is not correct attribute name. More below. <br>
<br>
<blockquote type="cite"> <br>
2. <br>
Is there a way to list all possible attributes available for
modification? <br>
When do topologysegment-show --all, I get quite a small number
of them, <br>
and even them I am unable to modify: <br>
<br>
$ ipa topologysegment-show realm 127-to-244 --all <br>
dn: <br>
cn=127-to-244,cn=realm,cn=topology,cn=ipa,cn=etc,dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com
<br>
<br>
Segment name: 127-to-244 <br>
Left node: vm-127.idm.lab.eng.brq.redhat.com <br>
Right node: vm-244.idm.lab.eng.brq.redhat.com <br>
Connectivity: both <br>
objectclass: top, iparepltoposegment <br>
<br>
$ ipa topologysegment-mod realm 127-to-244 <br>
--setattr=connectivity=left-right <br>
ipa: ERROR: attribute "connectivity" not allowed <br>
$ ipa topologysegment-mod realm 127-to-244
--setattr=direction=left-right <br>
ipa: ERROR: attribute "direction" not allowed <br>
<br>
</blockquote>
<br>
--XXXattr options work with LDAP attributes names. 'direction'
is the option name but not attribute name. Attribute name is
iparepltoposegmentdirection. <br>
<br>
You can see the mappings in, e.g.,: <br>
ipa show-mappings topologysegment-mod <br>
<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oleg Fayans
Quality Engineer
FreeIPA team
RedHat.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>