From 52ce524f7672563b543e84401665765cfa72dea5 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 26 May 2020 17:03:11 -0400
Subject: [PATCH 09/12] Issue 51113 - Allow using uid for replication manager
entry
Bug Description: Currently it was hardcoded to only allow "cn" as
the rdn attribute for the replication manager entry.
Fix description: Allow setting the rdn attribute of the replication
manager DS ldap object, and include the schema that
allows "uid".
relates: https://pagure.io/389-ds-base/issue/51113
Reviewed by: spichugi & firstyear(Thanks!!)
---
src/lib389/lib389/cli_conf/replication.py | 53 ++++++++++++-----------
src/lib389/lib389/replica.py | 11 +++--
2 files changed, 35 insertions(+), 29 deletions(-)
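diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py
index 09cb9b435..b9bc3d291 100644
--- a/src/lib389/lib389/cli_conf/replication.py
+++ b/src/lib389/lib389/cli_conf/replication.py
@@ -199,19 +199,21 @@ def enable_replication(inst, basedn, log, args):
 
 # Create replication manager if password was provided
 if args.bind_dn and args.bind_passwd:
- cn_rdn = args.bind_dn.split(",", 1)[0]
- cn_val = cn_rdn.split("=", 1)[1]
- manager = BootstrapReplicationManager(inst, dn=args.bind_dn)
+ rdn = args.bind_dn.split(",", 1)[0]
+ rdn_attr, rdn_val = rdn.split("=", 1)
+ manager = BootstrapReplicationManager(inst, dn=args.bind_dn, rdn_attr=rdn_attr)
 try:
 manager.create(properties={
- 'cn': cn_val,
+ 'cn': rdn_val,
+ 'uid': rdn_val,
 'userPassword': args.bind_passwd
 })
 except ldap.ALREADY_EXISTS:
 # Already there, but could have different password. Delete and recreate
 manager.delete()
 manager.create(properties={
- 'cn': cn_val,
+ 'cn': rdn_val,
+ 'uid': rdn_val,
 'userPassword': args.bind_passwd
 })
 except ldap.NO_SUCH_OBJECT:
@@ -511,22 +513,23 @@ def get_cl(inst, basedn, log, args):
 
 
 def create_repl_manager(inst, basedn, log, args):
- manager_cn = "replication manager"
+ manager_name = "replication manager"
 repl_manager_password = ""
 repl_manager_password_confirm = ""
 
 if args.name:
- manager_cn = args.name
-
- if is_a_dn(manager_cn):
- # A full DN was provided, make sure it uses "cn" for the RDN
- if manager_cn.split("=", 1)[0].lower() != "cn":
- raise ValueError("Replication manager DN must use \"cn\" for the rdn attribute")
- manager_dn = manager_cn
- manager_rdn = manager_dn.split(",", 1)[0]
- manager_cn = manager_rdn.split("=", 1)[1]
+ manager_name = args.name
+
+ if is_a_dn(manager_name):
+ # A full DN was provided
+ manager_dn = manager_name
+ manager_rdn = manager_name.split(",", 1)[0]
+ manager_attr, manager_name = manager_rdn.split("=", 1)
+ if manager_attr.lower() not in ['cn', 'uid']:
+ raise ValueError(f'The RDN attribute "{manager_attr}" is not allowed, you must use "cn" or "uid"')
 else:
- manager_dn = "cn={},cn=config".format(manager_cn)
+ manager_dn = "cn={},cn=config".format(manager_name)
+ manager_attr = "cn"
 
 if args.passwd:
 repl_manager_password = args.passwd
@@ -544,10 +547,11 @@ def create_repl_manager(inst, basedn, log, args):
 repl_manager_password = ""
 repl_manager_password_confirm = ""
 
- manager = BootstrapReplicationManager(inst, dn=manager_dn)
+ manager = BootstrapReplicationManager(inst, dn=manager_dn, rdn_attr=manager_attr)
 try:
 manager.create(properties={
- 'cn': manager_cn,
+ 'cn': manager_name,
+ 'uid': manager_name,
 'userPassword': repl_manager_password
 })
 if args.suffix:
@@ -564,7 +568,8 @@ def create_repl_manager(inst, basedn, log, args):
 # Already there, but could have different password. Delete and recreate
 manager.delete()
 manager.create(properties={
- 'cn': manager_cn,
+ 'cn': manager_name,
+ 'uid': manager_name,
 'userPassword': repl_manager_password
 })
 if args.suffix:
@@ -954,6 +959,7 @@ def get_winsync_agmt_status(inst, basedn, log, args):
 status = agmt.status(winsync=True, use_json=args.json)
 log.info(status)
 
+
 #
 # Tasks
 #
@@ -1347,8 +1353,7 @@ def create_parser(subparsers):
 agmt_set_parser.add_argument('--wait-async-results', help="The amount of time in milliseconds the server waits if "
 "the consumer is not ready before resending data")
 agmt_set_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
- "a consumer sends back a busy response before making another "
- "attempt to acquire access.")
+ "a consumer sends back a busy response before making another attempt to acquire access.")
 agmt_set_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
 agmt_set_parser.add_argument('--flow-control-window', help="Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer.")
 agmt_set_parser.add_argument('--flow-control-pause', help="The time in milliseconds to pause after reaching the number of entries and updates set in \"--flow-control-window\"")
@@ -1438,8 +1443,7 @@ def create_parser(subparsers):
 winsync_agmt_add_parser.add_argument('--subtree-pair', help="Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>")
 winsync_agmt_add_parser.add_argument('--conn-timeout', help="The timeout used for replicaton connections")
 winsync_agmt_add_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
- "a consumer sends back a busy response before making another "
- "attempt to acquire access.")
+ "a consumer sends back a busy response before making another attempt to acquire access.")
 winsync_agmt_add_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
 winsync_agmt_add_parser.add_argument('--init', action='store_true', default=False, help="Initialize the agreement after creating it.")
 
@@ -1468,8 +1472,7 @@ def create_parser(subparsers):
 winsync_agmt_set_parser.add_argument('--subtree-pair', help="Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>")
 winsync_agmt_set_parser.add_argument('--conn-timeout', help="The timeout used for replicaton connections")
 winsync_agmt_set_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
- "a consumer sends back a busy response before making another "
- "attempt to acquire access.")
+ "a consumer sends back a busy response before making another attempt to acquire access.")
 winsync_agmt_set_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
 
 # Get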
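Review bot: In enable_replication the RDN attribute taken from `args.bind_dn` goes straight into `BootstrapReplicationManager(..., rdn_attr=rdn_attr)` with no check, while create_repl_manager in the same file rejects anything other than cn or uid. The created entry only carries `cn` and `uid` values, so a bind DN with a different RDN attribute would presumably fail later with a less useful error; the same guard belongs after the split, `if rdn_attr.lower() not in ('cn', 'uid'): raise ValueError(...)`. Both functions also pass the attribute in its original case and parse the DN by splitting on the first "," and "=", so an escaped comma in the RDN value is cut short and a DN without "=" surfaces as an unpacking error; python-ldap's `ldap.dn.str2dn()` would parse the DN correctly. Both function bodies continue outside the hunks shown.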
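diff --git a/src/lib389/lib389/replica.py b/src/lib389/lib389/replica.py
index e3fc7fe1f..f8adb3ce2 100644
--- a/src/lib389/lib389/replica.py
+++ b/src/lib389/lib389/replica.py
@@ -1779,15 +1779,18 @@ class BootstrapReplicationManager(DSLdapObject):
 :type instance: lib389.DirSrv
 :param dn: The dn to create
 :type dn: str
+ :param rdn_attr: The attribute to use for the RDN
+ :type rdn_attr: str
 """
- def __init__(self, instance, dn='cn=replication manager,cn=config'):
+ def __init__(self, instance, dn='cn=replication manager,cn=config', rdn_attr='cn'):
 super(BootstrapReplicationManager, self).__init__(instance, dn)
- self._rdn_attribute = 'cn'
+ self._rdn_attribute = rdn_attr
 self._must_attributes = ['cn', 'userPassword']
 self._create_objectclasses = [
 'top',
- 'netscapeServer',
- 'nsAccount'
+ 'inetUser', # for uid
+ 'netscapeServer', # for cn
+ 'nsAccount', # for authentication attributes
 ]
 if ds_is_older('1.4.0'):
 self._create_objectclasses.remove('nsAccount')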
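Review bot: `__init__` stores `rdn_attr` in `self._rdn_attribute` unchecked, so the cn/uid restriction lives only in one CLI caller and any other user of this class can pass an attribute that the fixed object classes may not allow. Validating in the constructor, e.g. `if rdn_attr.lower() not in ('cn', 'uid'): raise ValueError(...)`, would cover every caller, and the new `:param rdn_attr:` line could name the two accepted values. `_must_attributes` still lists only `cn` and `userPassword`, so with `rdn_attr='uid'` a caller that omits `uid` is presumably not caught before the add is sent; this should be confirmed against DSLdapObject. The class header and the rest of `__init__` lie outside the hunk.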
--
2.26.2