[Freeipa-devel] [PATCH 0416][WIP] fix broken configuration of sidgen and extdom plugins
Alexander Bokovoy
abokovoy at redhat.com
Fri Feb 19 10:12:26 UTC 2016
On Fri, 19 Feb 2016, Martin Basti wrote:
>WIP patch attached
>
>https://fedorahosted.org/freeipa/ticket/5665
>
Comments inline.
>+ # we need to run sidgen task
>+ sidgen_task_dn = DN("cn=sidgen,cn=ipa-sidgen-task,cn=tasks,"
>+ "cn=config")
>+ sidgen_tasks_attr = {
>+ "objectclass": ["top", "extensibleObject"],
>+ "cn": ["sidgen"],
>+ "delay": [0],
>+ "nsslapd-basedn": [self.api.env.basedn],
>+ }
May be you are better to name this task more uniquely?
Something like 'cn=generate domain sid,cn=...'?
>+
>+ task_entry = ldap.make_entry(sidgen_task_dn,
>+ **sidgen_tasks_attr)
>+ try:
>+ ldap.add_entry(task_entry)
>+ except errors.DuplicateEntry:
>+ self.log.debug("sidgen task already created")
>+ else:
>+ self.log.debug("sidgen task has been created")
There could be multiple tasks running in parallel, that's why it could
be good to use a different and unique name.
>+ # we have to check all trusts domains which have been added after the
>+ # upgrade that caused bug was done.
>+
>+ base_dn = DN(self.api.env.container_adtrusts, self.api.env.basedn)
>+ trust_domain_entries, truncated = ldap.find_entries(
>+ base_dn=base_dn,
>+ scope=ldap.SCOPE_ONELEVEL,
>+ attrs_list=[attr_name, "cn"],
>+ )
>+
>+ if truncated:
>+ self.log.warning("update_sids: Search results were truncated")
>+
>+ for entry in trust_domain_entries:
>+ if entry.single_value[attr_name] is None:
>+ domain = entry.single_value["cn"]
>+ self.log.error(
>+ "Your trust to %s is broken. Please re-create it by "
>+ "running 'ipa trust-add' again", domain)
>+
>+ sysupgrade.set_upgrade_state('sidgen', 'update_sids', False)
>+ return False, ()
This part looks fine. Basically, a similar check needs to be added to
trust_find, trust_show, and may be trust_add.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list