[Freeipa-devel] [PATCH 0126-0127] reset openldap client config to point to freshly promote replica

Martin Basti mbasti at redhat.com
Fri Jan 29 17:06:15 UTC 2016 


On 29.01.2016 09:01, Martin Babinsky wrote:
> On 01/20/2016 09:40 AM, Martin Babinsky wrote:
>> On 01/14/2016 05:29 PM, Martin Babinsky wrote:
>>> On 01/13/2016 05:59 PM, Rob Crittenden wrote:
>>>> Martin Babinsky wrote:
>>>>> fixes https://fedorahosted.org/freeipa/ticket/5584
>>>>>
>>>>> In order to ensure consistent behavior with ipa-client-install, I 
>>>>> opted
>>>>> to reuse the configure_openldap_conf() function and restoring the
>>>>> config
>>>>> from client sysrestore before modifying it.
>>>>>
>>>>> If you think this approach is not optimal please propose an 
>>>>> alternative
>>>>> solution.
>>>>
>>>> You could also just do an action set on URI to change the value, 
>>>> right?
>>>> It would need a new function but it would be very small.
>>>>
>>>> If you do end up keeping this I'd want a new commit message for moving
>>>> the code to include why you're moving it (to avoid the need to 
>>>> deference
>>>> the ticket).
>>>>
>>>> rob
>>>>
>>>
>>> Here's the patch that implements the change in URI directive. Please
>>> keep in mind that we not only have to change the URI to point to
>>> ourselves, we also have to do it in a way consistent with
>>> ipa-client-install, i.e. leave a comment with new URI if it was already
>>> set by third party.
>>>
>>> Plain 'addifnotset' directive will not do, however, because then we end
>>> up with two comments, one original, and one pointing to ourselves. 
>>> Plain
>>> 'set' may rewrite the URI set by user and thus we would have to test 
>>> its
>>> value anyway.
>>>
>>> The correct handling of these cases coupled with a way IPAChangeConf is
>>> written results in a solution presented here.
>>>
>>> The fact that it is not much shorter than configure_openldap_conf 
>>> and is
>>> additionally pretty ugly (a fact at least partially caused by me not
>>> being very fluent in IPAChangeConf usage) led me to the conclusion that
>>> restoring original ldap.conf and reusing already wirrten code for
>>> reediting it anew with replica as URI is actually not that bad idea.
>>>
>>>
>>>
>>
>> Bump for review/discussion.
>>
> Another bump.
>
Works for me, ACK

More information about the Freeipa-devel mailing list