Refactor dsinstance ldap modify code

Just a patch to refactor lots of similar code in dsinstance and krbinstance using a simple helper method. Note, there are some differences: - Some code used to call ldapmodify without -h 127.0.0.1 - Some of the code used to just print an error rather than using logging.critical() - Some code used to log some extra debug Signed-off-by: Mark McLoughlin <markmc@redhat.com>
2025-02-25 18:55:28 -06:00 · 2007-12-13 09:31:28 +00:00 · 2007-12-13 09:31:28 +00:00 · 065827d6e1
commit 065827d6e1
parent 7ba901d777
3 changed files with 61 additions and 117 deletions
--- a/ipa-radius-server/plugins/radiusinstance.py
+++ b/ipa-radius-server/plugins/radiusinstance.py
@ -44,10 +44,6 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer

 #-------------------------------------------------------------------------------

-def ldap_mod(fd, dn, pwd):
-    args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
-    ipautil.run(args)
-
 def get_radius_version():
    version = None
    try:
@ -157,17 +153,26 @@ class RadiusInstance(service.Service):
        except Exception, e:
            logging.error("could not chown on %s to %s: %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH, radius_util.RADIUS_USER, e)

+    def __ldap_mod(self, step, ldif):
+        self.step(step)
+
+        txt = iputil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
+        fd = ipautil.write_tmp_file(txt)
+
+        args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
+                "-D", "cn=Directory Manager", "-w", self.dm_password, "-f", fd.name]
+
+        try:
+            ipautil.run(args)
+        except ipautil.CalledProcessError, e:
+            logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+
+        fd.close()
+
    #FIXME, should use IPAdmin method
    def __set_ldap_encrypted_attributes(self):
-        ldif_file = 'encrypted_attribute.ldif'
-        self.step("setting ldap encrypted attributes")
-        ldif_txt = ipautil.template_file(ipautil.SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret'})
-        ldif_fd = ipautil.write_tmp_file(ldif_txt)
-        try:
-            ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load %s: %s" % (ldif_file, str(e)))
-        ldif_fd.close()
+        self.__ldap_mod("setting ldap encrypted attributes",
+                        "encrypted_attribute.ldif", {"ENCRYPTED_ATTRIBUTE" : "radiusClientSecret"})

 #-------------------------------------------------------------------------------

--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@ -35,10 +35,6 @@ import ipaldap, ldap
 SERVER_ROOT_64 = "/usr/lib64/dirsrv"
 SERVER_ROOT_32 = "/usr/lib/dirsrv"

-def ldap_mod(fd, dn, pwd):
-    args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
-    ipautil.run(args)
-
 def realm_to_suffix(realm_name):
    s = realm_name.split(".")
    terms = ["dc=" + x.lower() for x in s]
@ -229,65 +225,39 @@ class DsInstance(service.Service):
        shutil.copyfile(ipautil.SHARE_DIR + "60ipaconfig.ldif",
                        schema_dirname(self.realm_name) + "60ipaconfig.ldif")

-    def __add_memberof_module(self):
-        self.step("enabling memboerof plugin")
-        memberof_txt = ipautil.template_file(ipautil.SHARE_DIR + "memberof-conf.ldif", self.sub_dict)
-        memberof_fd = ipautil.write_tmp_file(memberof_txt)
+    def __ldap_mod(self, step, ldif):
+        self.step(step)
+
+        txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
+        fd = ipautil.write_tmp_file(txt)
+
+        args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
+                "-D", "cn=Directory Manager", "-w", self.dm_password, "-f", fd.name]
+
        try:
-            ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
+            ipautil.run(args)
        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
-        memberof_fd.close()
+            logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+
+        fd.close()
+
+    def __add_memberof_module(self):
+        self.__ldap_mod("enabling memberof plugin", "memberof-conf.ldif")

    def __init_memberof(self):
-        self.step("initializing group membership")
-        memberof_txt = ipautil.template_file(ipautil.SHARE_DIR + "memberof-task.ldif", self.sub_dict)
-        memberof_fd = ipautil.write_tmp_file(memberof_txt)
-        try:
-            ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
-        memberof_fd.close()
+        self.__ldap_mod("initializing group membership", "memberof-task.ldif")

    def __add_referint_module(self):
-        self.step("enabling referential integrity plugin")
-        referint_txt = ipautil.template_file(ipautil.SHARE_DIR + "referint-conf.ldif", self.sub_dict)
-        referint_fd = ipautil.write_tmp_file(referint_txt)
-        try:
-            ldap_mod(referint_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            print "Failed to load referint-conf.ldif", e
-        referint_fd.close()
+        self.__ldap_mod("enabling referential integrity plugin", "referint-conf.ldif")

    def __add_dna_module(self):
-        self.step("enabling distributed numeric assignment plugin")
-        dna_txt = ipautil.template_file(ipautil.SHARE_DIR + "dna-conf.ldif", self.sub_dict)
-        dna_fd = ipautil.write_tmp_file(dna_txt)
-        try:
-            ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            print "Failed to load dna-conf.ldif", e
-        dna_fd.close()
+        self.__ldap_mod("enabling distributed numeric assignment plugin", "dna-conf.ldif")

    def __config_uidgid_gen_first_master(self):
-        self.step("configuring Posix uid/gid generation as first master")
-        dna_txt = ipautil.template_file(ipautil.SHARE_DIR + "dna-posix.ldif", self.sub_dict)
-        dna_fd = ipautil.write_tmp_file(dna_txt)
-        try:
-            ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            print "Failed to configure Posix uid/gid generation with dna-posix.ldif", e
-        dna_fd.close()
+        self.__ldap_mod("configuring Posix uid/gid generation as first master", "dna-posix.ldif")

    def __add_master_entry_first_master(self):
-        self.step("adding master entry as first master")
-        master_txt = ipautil.template_file(ipautil.SHARE_DIR + "master-entry.ldif", self.sub_dict)
-        master_fd = ipautil.write_tmp_file(master_txt)
-        try:
-            ldap_mod(master_fd, "cn=Directory Manager", self.dm_password)
-        except ipautil.CalledProcessError, e:
-            print "Failed to add master-entry.ldif", e
-        master_fd.close()
+        self.__ldap_mod("adding master entry as first master", "master-entry.ldif")

    def __enable_ssl(self):
        self.step("configuring ssl for ds instance")
@ -324,31 +294,10 @@ class DsInstance(service.Service):
        conn.unbind()

    def __add_default_layout(self):
-        self.step("adding default layout")
-        txt = ipautil.template_file(ipautil.SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)
-        inf_fd = ipautil.write_tmp_file(txt)
-        logging.debug("adding default dfrom ipa.ipautil import *s layout")
-        args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
-                "-w", self.dm_password, "-f", inf_fd.name]
-        try:
-            ipautil.run(args)
-            logging.debug("done adding default ds layout")
-        except ipautil.CalledProcessError, e:
-            print "Failed to add default ds layout", e
-            logging.critical("Failed to add default ds layout %s" % e)
+        self.__ldap_mod("adding default layout", "bootstrap-template.ldif")
        
    def __create_indeces(self):
-        self.step("creating indeces")
-        txt = ipautil.template_file(ipautil.SHARE_DIR + "indeces.ldif", self.sub_dict)
-        inf_fd = ipautil.write_tmp_file(txt)
-        logging.debug("adding/updating indeces")
-        args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
-                "-w", self.dm_password, "-f", inf_fd.name]
-        try:
-            ipautil.run(args)
-            logging.debug("done adding/updating indeces")
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to add/update indeces %s" % str(e))
+        self.__ldap_mod("creating indeces", "indeces.ldif")

    def __certmap_conf(self):
        self.step("configuring certmap.conf")
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@ -52,10 +52,6 @@ def host_to_domain(fqdn):
    s = fqdn.split(".")
    return ".".join(s[1:])

-def ldap_mod(fd, dn, pwd):
-    args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
-    ipautil.run(args)
-
 def update_key_val_in_file(filename, key, val):
    if os.path.exists(filename):
        pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
@ -139,7 +135,7 @@ class KrbInstance(service.Service):

        self.__common_setup(ds_user, realm_name, host_name, admin_password)

-        self.start_creation(11, "Configuring Kerberos KDC")
+        self.start_creation(12, "Configuring Kerberos KDC")
        
        self.__configure_kdc_account_password()
        self.__configure_sasl_mappings()
@ -195,6 +191,22 @@ class KrbInstance(service.Service):
                             HOST=self.host,
                             REALM=self.realm)

+    def __ldap_mod(self, step, ldif):
+        self.step(step)
+
+        txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
+        fd = ipautil.write_tmp_file(txt)
+
+        args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
+                "-D", "cn=Directory Manager", "-w", self.admin_password, "-f", fd.name]
+
+        try:
+            ipautil.run(args)
+        except ipautil.CalledProcessError, e:
+            logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+
+        fd.close()
+
    def __configure_sasl_mappings(self):
        self.step("adding sasl mappings to the directory")
        # we need to remove any existing SASL mappings in the directory as otherwise they
@ -246,25 +258,10 @@ class KrbInstance(service.Service):
            raise e

    def __add_krb_entries(self):
-        self.step("adding kerberos entries to the DS")
-
-        #TODO: test that the ldif is ok with any random charcter we may use in the password
-        kerberos_txt = ipautil.template_file(ipautil.SHARE_DIR + "kerberos.ldif", self.sub_dict)
-        kerberos_fd = ipautil.write_tmp_file(kerberos_txt)
-        try:
-            ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load kerberos.ldif: %s" % str(e))
-        kerberos_fd.close()
+        self.__ldap_mod("adding kerberos entries to the DS", "kerberos.ldif")

 	#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
-        aci_txt = ipautil.template_file(ipautil.SHARE_DIR + "default-aci.ldif", self.sub_dict)
-        aci_fd = ipautil.write_tmp_file(aci_txt) 
-        try:
-            ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load default-aci.ldif: %s" % str(e))
-        aci_fd.close()
+        self.__ldap_mod("adding defalt ACIs", "default-aci.ldif")

    def __create_instance(self, replica=False):
        self.step("configuring KDC")
@ -325,14 +322,7 @@ class KrbInstance(service.Service):

    #add the password extop module
    def __add_pwd_extop_module(self):
-        self.step("adding the password extenstion to the directory")
-        extop_txt = ipautil.template_file(ipautil.SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
-        extop_fd = ipautil.write_tmp_file(extop_txt)
-        try:
-            ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
-        except ipautil.CalledProcessError, e:
-            logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
-        extop_fd.close()
+        self.__ldap_mod("adding the password extenstion to the directory", "pwd-extop-conf.ldif")

        #get the Master Key from the stash file
        try: