Blame SOURCES/0009-Issue-51113-Allow-using-uid-for-replication-manager-.patch

5873fa
From 52ce524f7672563b543e84401665765cfa72dea5 Mon Sep 17 00:00:00 2001
5873fa
From: Mark Reynolds <mreynolds@redhat.com>
5873fa
Date: Tue, 26 May 2020 17:03:11 -0400
5873fa
Subject: [PATCH 09/12] Issue 51113 - Allow using uid for replication manager
5873fa
 entry
5873fa
5873fa
Bug Description:  Currently it was hardcoded to only allow "cn" as
5873fa
                  the rdn attribute for the replication manager entry.
5873fa
5873fa
Fix description:  Allow setting the rdn attribute of the replication
5873fa
                  manager DS ldap object, and include the schema that
5873fa
                  allows "uid".
5873fa
5873fa
relates:  https://pagure.io/389-ds-base/issue/51113
5873fa
5873fa
Reviewed by: spichugi & firstyear(Thanks!!)
5873fa
---
5873fa
 src/lib389/lib389/cli_conf/replication.py | 53 ++++++++++++-----------
5873fa
 src/lib389/lib389/replica.py              | 11 +++--
5873fa
 2 files changed, 35 insertions(+), 29 deletions(-)
5873fa
5873fa
diff --git a/src/lib389/lib389/cli_conf/replication.py b/src/lib389/lib389/cli_conf/replication.py
5873fa
index 09cb9b435..b9bc3d291 100644
5873fa
--- a/src/lib389/lib389/cli_conf/replication.py
5873fa
+++ b/src/lib389/lib389/cli_conf/replication.py
5873fa
@@ -199,19 +199,21 @@ def enable_replication(inst, basedn, log, args):
5873fa
 
5873fa
     # Create replication manager if password was provided
5873fa
     if args.bind_dn and args.bind_passwd:
5873fa
-        cn_rdn = args.bind_dn.split(",", 1)[0]
5873fa
-        cn_val = cn_rdn.split("=", 1)[1]
5873fa
-        manager = BootstrapReplicationManager(inst, dn=args.bind_dn)
5873fa
+        rdn = args.bind_dn.split(",", 1)[0]
5873fa
+        rdn_attr, rdn_val = rdn.split("=", 1)
5873fa
+        manager = BootstrapReplicationManager(inst, dn=args.bind_dn, rdn_attr=rdn_attr)
5873fa
         try:
5873fa
             manager.create(properties={
5873fa
-                'cn': cn_val,
5873fa
+                'cn': rdn_val,
5873fa
+                'uid': rdn_val,
5873fa
                 'userPassword': args.bind_passwd
5873fa
             })
5873fa
         except ldap.ALREADY_EXISTS:
5873fa
             # Already there, but could have different password.  Delete and recreate
5873fa
             manager.delete()
5873fa
             manager.create(properties={
5873fa
-                'cn': cn_val,
5873fa
+                'cn': rdn_val,
5873fa
+                'uid': rdn_val,
5873fa
                 'userPassword': args.bind_passwd
5873fa
             })
5873fa
         except ldap.NO_SUCH_OBJECT:
5873fa
@@ -511,22 +513,23 @@ def get_cl(inst, basedn, log, args):
5873fa
 
5873fa
 
5873fa
 def create_repl_manager(inst, basedn, log, args):
5873fa
-    manager_cn = "replication manager"
5873fa
+    manager_name = "replication manager"
5873fa
     repl_manager_password = ""
5873fa
     repl_manager_password_confirm = ""
5873fa
 
5873fa
     if args.name:
5873fa
-        manager_cn = args.name
5873fa
-
5873fa
-    if is_a_dn(manager_cn):
5873fa
-        # A full DN was provided, make sure it uses "cn" for the RDN
5873fa
-        if manager_cn.split("=", 1)[0].lower() != "cn":
5873fa
-            raise ValueError("Replication manager DN must use \"cn\" for the rdn attribute")
5873fa
-        manager_dn = manager_cn
5873fa
-        manager_rdn = manager_dn.split(",", 1)[0]
5873fa
-        manager_cn = manager_rdn.split("=", 1)[1]
5873fa
+        manager_name = args.name
5873fa
+
5873fa
+    if is_a_dn(manager_name):
5873fa
+        # A full DN was provided
5873fa
+        manager_dn = manager_name
5873fa
+        manager_rdn = manager_name.split(",", 1)[0]
5873fa
+        manager_attr, manager_name = manager_rdn.split("=", 1)
5873fa
+        if manager_attr.lower() not in ['cn', 'uid']:
5873fa
+            raise ValueError(f'The RDN attribute "{manager_attr}" is not allowed, you must use "cn" or "uid"')
5873fa
     else:
5873fa
-        manager_dn = "cn={},cn=config".format(manager_cn)
5873fa
+        manager_dn = "cn={},cn=config".format(manager_name)
5873fa
+        manager_attr = "cn"
5873fa
 
5873fa
     if args.passwd:
5873fa
         repl_manager_password = args.passwd
5873fa
@@ -544,10 +547,11 @@ def create_repl_manager(inst, basedn, log, args):
5873fa
                 repl_manager_password = ""
5873fa
                 repl_manager_password_confirm = ""
5873fa
 
5873fa
-    manager = BootstrapReplicationManager(inst, dn=manager_dn)
5873fa
+    manager = BootstrapReplicationManager(inst, dn=manager_dn, rdn_attr=manager_attr)
5873fa
     try:
5873fa
         manager.create(properties={
5873fa
-            'cn': manager_cn,
5873fa
+            'cn': manager_name,
5873fa
+            'uid': manager_name,
5873fa
             'userPassword': repl_manager_password
5873fa
         })
5873fa
         if args.suffix:
5873fa
@@ -564,7 +568,8 @@ def create_repl_manager(inst, basedn, log, args):
5873fa
         # Already there, but could have different password.  Delete and recreate
5873fa
         manager.delete()
5873fa
         manager.create(properties={
5873fa
-            'cn': manager_cn,
5873fa
+            'cn': manager_name,
5873fa
+            'uid': manager_name,
5873fa
             'userPassword': repl_manager_password
5873fa
         })
5873fa
         if args.suffix:
5873fa
@@ -954,6 +959,7 @@ def get_winsync_agmt_status(inst, basedn, log, args):
5873fa
     status = agmt.status(winsync=True, use_json=args.json)
5873fa
     log.info(status)
5873fa
 
5873fa
+
5873fa
 #
5873fa
 # Tasks
5873fa
 #
5873fa
@@ -1347,8 +1353,7 @@ def create_parser(subparsers):
5873fa
     agmt_set_parser.add_argument('--wait-async-results', help="The amount of time in milliseconds the server waits if "
5873fa
                                                               "the consumer is not ready before resending data")
5873fa
     agmt_set_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
5873fa
-                                                          "a consumer sends back a busy response before making another "
5873fa
-                                                          "attempt to acquire access.")
5873fa
+                                 "a consumer sends back a busy response before making another attempt to acquire access.")
5873fa
     agmt_set_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
5873fa
     agmt_set_parser.add_argument('--flow-control-window', help="Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer.")
5873fa
     agmt_set_parser.add_argument('--flow-control-pause', help="The time in milliseconds to pause after reaching the number of entries and updates set in \"--flow-control-window\"")
5873fa
@@ -1438,8 +1443,7 @@ def create_parser(subparsers):
5873fa
     winsync_agmt_add_parser.add_argument('--subtree-pair', help="Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>")
5873fa
     winsync_agmt_add_parser.add_argument('--conn-timeout', help="The timeout used for replicaton connections")
5873fa
     winsync_agmt_add_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
5873fa
-                                                          "a consumer sends back a busy response before making another "
5873fa
-                                                          "attempt to acquire access.")
5873fa
+                                         "a consumer sends back a busy response before making another attempt to acquire access.")
5873fa
     winsync_agmt_add_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
5873fa
     winsync_agmt_add_parser.add_argument('--init', action='store_true', default=False, help="Initialize the agreement after creating it.")
5873fa
 
5873fa
@@ -1468,8 +1472,7 @@ def create_parser(subparsers):
5873fa
     winsync_agmt_set_parser.add_argument('--subtree-pair', help="Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>")
5873fa
     winsync_agmt_set_parser.add_argument('--conn-timeout', help="The timeout used for replicaton connections")
5873fa
     winsync_agmt_set_parser.add_argument('--busy-wait-time', help="The amount of time in seconds a supplier should wait after "
5873fa
-                                                          "a consumer sends back a busy response before making another "
5873fa
-                                                          "attempt to acquire access.")
5873fa
+                                         "a consumer sends back a busy response before making another attempt to acquire access.")
5873fa
     winsync_agmt_set_parser.add_argument('--session-pause-time', help="The amount of time in seconds a supplier should wait between update sessions.")
5873fa
 
5873fa
     # Get
5873fa
diff --git a/src/lib389/lib389/replica.py b/src/lib389/lib389/replica.py
5873fa
index e3fc7fe1f..f8adb3ce2 100644
5873fa
--- a/src/lib389/lib389/replica.py
5873fa
+++ b/src/lib389/lib389/replica.py
5873fa
@@ -1779,15 +1779,18 @@ class BootstrapReplicationManager(DSLdapObject):
5873fa
     :type instance: lib389.DirSrv
5873fa
     :param dn: The dn to create
5873fa
     :type dn: str
5873fa
+    :param rdn_attr: The attribute to use for the RDN
5873fa
+    :type rdn_attr: str
5873fa
     """
5873fa
-    def __init__(self, instance, dn='cn=replication manager,cn=config'):
5873fa
+    def __init__(self, instance, dn='cn=replication manager,cn=config', rdn_attr='cn'):
5873fa
         super(BootstrapReplicationManager, self).__init__(instance, dn)
5873fa
-        self._rdn_attribute = 'cn'
5873fa
+        self._rdn_attribute = rdn_attr
5873fa
         self._must_attributes = ['cn', 'userPassword']
5873fa
         self._create_objectclasses = [
5873fa
             'top',
5873fa
-            'netscapeServer',
5873fa
-            'nsAccount'
5873fa
+            'inetUser',  # for uid
5873fa
+            'netscapeServer',  # for cn
5873fa
+            'nsAccount',  # for authentication attributes
5873fa
             ]
5873fa
         if ds_is_older('1.4.0'):
5873fa
             self._create_objectclasses.remove('nsAccount')
5873fa
-- 
5873fa
2.26.2
5873fa