rpms / freeipa

Clone
Source Code
GIT

Files

f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f40
  2.   freeipa-support-389-ds-with-lmdb-backup.patch
Blob Blame History Raw 
From 677d30806662856595289525ef529a77adbf2272 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Fri, 26 Jan 2024 13:26:48 +0100
Subject: [PATCH] ipa-backup: adapt for 389ds switch to LMDB

ipa-backup is relying on the presence of the directory
/var/lib/dirsrv/slapd-<INSTANCE>/db/ipaca/
to detect if the CA is installed on the server and backup
the ipaca backend.

With the switch to LMDB, this directory does not exist and the
backup is missing ipaca information.

Use lib389.cli_ctl.dblib.run_dbscan utility instead to
check if ipaca backend is present (this method has been
introduced in 389ds 2.1.0 and works with Berkeley DB and LMDB).

Fixes: https://pagure.io/freeipa/issue/9516
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
---
 freeipa.spec.in                 | 7 ++++---
 ipaserver/install/ipa_backup.py | 8 ++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index a091fee68..997a55d8d 100755
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -78,8 +78,8 @@
 %global ds_version 1.4.3.16-12
 %global selinux_policy_version 3.14.3-107
 %else
-# DNA interval enabled
-%global ds_version 2.0.5-1
+# version supporting LMDB and lib389.cli_ctl.dblib.run_dbscan utility
+%global ds_version 2.1.0
 %global selinux_policy_version 38.1.1-1
 %endif
 
@@ -124,10 +124,11 @@
 
 # Make sure to use 389-ds-base versions that fix https://github.com/389ds/389-ds-base/issues/4700
 # and has DNA interval enabled
+# version supporting LMDB and lib389.cli_ctl.dblib.run_dbscan utility
 %if 0%{?fedora} < 34
 %global ds_version 1.4.4.16-1
 %else
-%global ds_version 2.0.7-1
+%global ds_version 2.1.0
 %endif
 
 # Fix for TLS 1.3 PHA, RHBZ#1775146
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 2904c9e2e..f4fa73ff5 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -41,6 +41,7 @@ from ipaserver.install import installutils
 from ipapython import ipaldap
 from ipaplatform.constants import constants
 from ipaplatform.tasks import tasks
+from lib389.cli_ctl.dblib import run_dbscan
 
 # pylint: disable=import-error
 if six.PY3:
@@ -337,8 +338,11 @@ class Backup(admintool.AdminTool):
             instance = ipaldap.realm_to_serverid(api.env.realm)
             if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
                               instance):
-                if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
-                                  (instance, 'ipaca')):
+                # Check existence of ipaca backend
+                dbpath = (paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
+                          (instance, ""))
+                output = run_dbscan(['-L', dbpath])
+                if 'ipaca/' in output:
                     self.db2ldif(instance, 'ipaca', online=options.online)
                 self.db2ldif(instance, 'userRoot', online=options.online)
                 self.db2bak(instance, online=options.online)
-- 
2.43.0
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.