From 2695789db45c2e7fe92e53a49521dc22fdffe317 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Wed, 28 Oct 2020 10:34:31 -0400 Subject: [PATCH] New validation efforts in 389-ds-base require that the backend entry for a database be created before the mapping tree entry. This enforces that the mapping tree entry (the suffix) actually belongs to an existing backend. For IPA we simply need to reverse the order of the backend vs mapping tree creation in cainstance.py -> __create_ds_db() Fixes: https://pagure.io/freeipa/issue/8558 --- ipaserver/install/cainstance.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index fca829de094..1c2fab1dffb 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1162,17 +1162,6 @@ def __create_ds_db(self): backend = 'ipaca' suffix = DN(('o', 'ipaca')) - # replication - dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config')) - entry = api.Backend.ldap2.make_entry( - dn, - objectclass=["top", "extensibleObject", "nsMappingTree"], - cn=[suffix], - ) - entry['nsslapd-state'] = ['Backend'] - entry['nsslapd-backend'] = [backend] - api.Backend.ldap2.add_entry(entry) - # database dn = DN(('cn', 'ipaca'), ('cn', 'ldbm database'), ('cn', 'plugins'), ('cn', 'config')) @@ -1184,6 +1173,17 @@ def __create_ds_db(self): entry['nsslapd-suffix'] = [suffix] api.Backend.ldap2.add_entry(entry) + # replication + dn = DN(('cn', str(suffix)), ('cn', 'mapping tree'), ('cn', 'config')) + entry = api.Backend.ldap2.make_entry( + dn, + objectclass=["top", "extensibleObject", "nsMappingTree"], + cn=[suffix], + ) + entry['nsslapd-state'] = ['Backend'] + entry['nsslapd-backend'] = [backend] + api.Backend.ldap2.add_entry(entry) + def __setup_replication(self): repl = replication.CAReplicationManager(self.realm, self.fqdn) repl.setup_cs_replication(self.master_host)