freeipa

Clone
Source Code
GIT

dc22527 Add safe updates for objectClasses

2 files Authored by mkosek 11 years ago, Committed by rcritten 11 years ago,
raw patch tree parent
2 files changed. 52 lines added. 2 lines removed.
install/updates/10-bind-schema.update
file modified
+2 -0
ipaserver/install/ldapupdate.py
file modified
+50 -2 
    Add safe updates for objectClasses
    
    Current objectclass updates in a form of "replace" update instruction
    dependent on exact match of the old object class specification in the
    update instruction and the real value in LDAP. However, this approach is
    very error prone as object class definition can easily differ as for
    example because of unexpected X-ORIGIN value. Such objectclass update
    failures may lead to serious malfunctions later.
    
    When comparing the objectclasses, make sure we normalize them both
    before we compare them to mitigate these kinds of errors. python-ldap's
    objectclass model can be utilized to do the normalization part.
    
    One objectclass update instruction was changed to do a replace of
    an objectclass separately from add update instruction so that we
    really only replace what's stored in LDAP.
    
    https://fedorahosted.org/freeipa/ticket/2440
file modified
+2 -0
file modified
+50 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.