Client install checks for nss_ldap

In order to check presence of nss_ldap or nss-pam-ldapd when installing
client with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of one of nss_ldap configuration files.
This configuration could be in '/etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionally the nss_ldap could cooperate with
pam_ldap module and hence the presence of it is checked by looking for
'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against
existence of 'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by two different
functions, the function returns tuple containing return code and dictionary
structure - its key is name of target function and value is list of existing
configuration files. Files to check are specified inside the
nssldap_exists() function. nssldap_exists() also returns True if any of
the mandatory files was found, otherwise returns False.

In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They accept one more
parameter which is list of existing files.  They are not checking existence
of above mentioned files anymore.

https://fedorahosted.org/freeipa/ticket/2063
Ondrej Hamada 2011-12-05 10:19:10 +01:00 committed by Rob Crittenden
parent 181e6da9d8
commit 005b74d869


@ -145,6 +145,27 @@ def nickname_exists(nickname):
else:
return False
# Checks whether nss_ldap or nss-pam-ldapd is installed. If anyone of mandatory files was found returns True and list of all files found.
def nssldap_exists():
files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']},
{'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}]
files_found = {}
retval = False
for function in files_to_check:
files_found[function['function']]=[]
for file_type in ['mandatory','optional']:
try:
for filename in function[file_type]:
if file_exists(filename):
files_found[function['function']].append(filename)
if file_type == 'mandatory':
retval = True
except KeyError:
pass
return (retval, files_found)
def emit_quiet(quiet, message):
if not quiet:
print message
@ -409,7 +430,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
return 0
def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
ldapconf.setOptionAssignment(" ")
@ -440,24 +461,22 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
opts.append({'name':'empty', 'type':'empty'})
ret = (0, None, None)
files = []
# Depending on the release and distribution this may exist in any
# number of different file names, update what we find
for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
if file_exists(filename):
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
files.append(filename)
except Exception, e:
print "Creation of %s: %s" % (filename, str(e))
return (1, 'LDAP', filename)
for filename in files:
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
except Exception, e:
print "Creation of %s: %s" % (filename, str(e))
return (1, 'LDAP', filename)
if files:
return (0, 'LDAP', ', '.join(files))
return ret
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
nslcdconf.setOptionAssignment(" ")
@ -481,12 +500,12 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
opts.append({'name':'empty', 'type':'empty'})
if file_exists('/etc/nslcd.conf'):
for filename in files:
try:
fstore.backup_file('/etc/nslcd.conf')
nslcdconf.newConf('/etc/nslcd.conf', opts)
fstore.backup_file(filename)
nslcdconf.newConf(filename, opts)
except Exception, e:
print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
print "Creation of %s: %s" % (filename, str(e))
return (1, None, None)
nslcd = ipaservices.knownservices.nslcd
@ -505,7 +524,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
root_logger.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name))
return (0, None, None)
return (0, 'NSLCD', '/etc/nslcd.conf')
return (0, 'NSLCD', ', '.join(files))
def hardcode_ldap_server(cli_server):
"""
@ -851,6 +870,13 @@ def install(options, env, fstore, statestore):
print 'Invalid hostname \'%s\', must be lower-case.' % hostname
return CLIENT_INSTALL_ERROR
# when installing with '--no-sssd' option, check whether nss-ldap is installed
if not options.sssd:
(nssldap_installed, nosssd_files) = nssldap_exists()
if not nssldap_installed:
print "One of these packages must be installed: nss_ldap or nss-pam-ldapd"
return CLIENT_INSTALL_ERROR
# Create the discovery instance
ds = ipadiscovery.IPADiscovery()
@ -1183,7 +1209,7 @@ def install(options, env, fstore, statestore):
# change its configuration otherways
if not options.sssd:
for configurer in [configure_ldap_conf, configure_nslcd_conf]:
(retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
(retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, nosssd_files[configurer.__name__])
if retcode:
return CLIENT_INSTALL_ERROR
if conf:
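Review bot: The lookup `nosssd_files[configurer.__name__]` in the last hunk only works while the literal strings `'function':'configure_ldap_conf'` and `'function':'configure_nslcd_conf'` in nssldap_exists() match the function names exactly. A rename or a wrapping decorator would raise KeyError inside install(), apparently well after the client has started changing system configuration. Storing the callables themselves would remove the string coupling, e.g. `'function': configure_ldap_conf` in the table and `nosssd_files[configurer]` at the call site. In nssldap_exists() the `try: ... except KeyError: pass` wraps the whole inner loop just to tolerate a missing 'optional' key; `for filename in function.get(file_type, []):` says that directly and cannot hide an unrelated KeyError. It would also help to extend the comment above nssldap_exists() to say that a config file on disk is only a proxy for the package being installed, so a leftover file from a removed package still passes the '--no-sssd' check. The bodies of install() and the configure_* functions continue outside the hunks shown.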