Title: #3269: [ipa-4-6] DL0 replica install: fix nsDS5ReplicaBindDN config
When setting up a 4.x replica in DL0 from a 3.x replica, the first 4.x
replica installation succeeds but if a second 4.x replica is configured,
the replication is not properly set.
This happens because the replica setup needs to add nsDS5ReplicaBindDN:
krbprincipalname=ldap/replica@DOMAIN to the entry
cn=replica,cn=...,cn=mapping tree,cn=config in order to allow replication
(on the 3.x master, the replication manager group is not supported yet).
The issue is that this attribute is added only when the entry
does not exist. This condition is true for the first replica install but false
for the second replica install.
The fix consists in checking if the remote server has ds version < 1.3.0
(in this case it is a 3.x server). If it's the case, the installer
will use nsDS5ReplicaBindDN attribute with the replica krbprincipalname.
Otherwise the nsDS5ReplicaBindDN attribute will use the replication manager
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3269/head:pr3269
git checkout pr3269