Refactor dsinstance ldap modify code

Just a patch to refactor lots of similar code in
dsinstance and krbinstance using a simple helper
method.

Note, there are some differences:
  - Some code used to call ldapmodify without -h 127.0.0.1
  - Some of the code used to just print an error rather than
    using logging.critical()
  - Some code used to log some extra debug

Signed-off-by: Mark McLoughlin <markmc@redhat.com>
This commit is contained in:
Mark McLoughlin 2007-12-13 09:31:28 +00:00
parent 7ba901d777
commit 065827d6e1
3 changed files with 61 additions and 117 deletions

View File

@ -44,10 +44,6 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer
#-------------------------------------------------------------------------------
def ldap_mod(fd, dn, pwd):
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
ipautil.run(args)
def get_radius_version():
version = None
try:
@ -157,17 +153,26 @@ class RadiusInstance(service.Service):
except Exception, e:
logging.error("could not chown on %s to %s: %s", radius_util.RADIUS_IPA_KEYTAB_FILEPATH, radius_util.RADIUS_USER, e)
def __ldap_mod(self, step, ldif):
self.step(step)
txt = iputil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
fd = ipautil.write_tmp_file(txt)
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
"-D", "cn=Directory Manager", "-w", self.dm_password, "-f", fd.name]
try:
ipautil.run(args)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load %s: %s" % (ldif, str(e)))
fd.close()
#FIXME, should use IPAdmin method
def __set_ldap_encrypted_attributes(self):
ldif_file = 'encrypted_attribute.ldif'
self.step("setting ldap encrypted attributes")
ldif_txt = ipautil.template_file(ipautil.SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret'})
ldif_fd = ipautil.write_tmp_file(ldif_txt)
try:
ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load %s: %s" % (ldif_file, str(e)))
ldif_fd.close()
self.__ldap_mod("setting ldap encrypted attributes",
"encrypted_attribute.ldif", {"ENCRYPTED_ATTRIBUTE" : "radiusClientSecret"})
#-------------------------------------------------------------------------------

View File

@ -35,10 +35,6 @@ import ipaldap, ldap
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
def ldap_mod(fd, dn, pwd):
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
ipautil.run(args)
def realm_to_suffix(realm_name):
s = realm_name.split(".")
terms = ["dc=" + x.lower() for x in s]
@ -229,65 +225,39 @@ class DsInstance(service.Service):
shutil.copyfile(ipautil.SHARE_DIR + "60ipaconfig.ldif",
schema_dirname(self.realm_name) + "60ipaconfig.ldif")
def __add_memberof_module(self):
self.step("enabling memboerof plugin")
memberof_txt = ipautil.template_file(ipautil.SHARE_DIR + "memberof-conf.ldif", self.sub_dict)
memberof_fd = ipautil.write_tmp_file(memberof_txt)
def __ldap_mod(self, step, ldif):
self.step(step)
txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
fd = ipautil.write_tmp_file(txt)
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
"-D", "cn=Directory Manager", "-w", self.dm_password, "-f", fd.name]
try:
ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
ipautil.run(args)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
memberof_fd.close()
logging.critical("Failed to load %s: %s" % (ldif, str(e)))
fd.close()
def __add_memberof_module(self):
self.__ldap_mod("enabling memberof plugin", "memberof-conf.ldif")
def __init_memberof(self):
self.step("initializing group membership")
memberof_txt = ipautil.template_file(ipautil.SHARE_DIR + "memberof-task.ldif", self.sub_dict)
memberof_fd = ipautil.write_tmp_file(memberof_txt)
try:
ldap_mod(memberof_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load memberof-conf.ldif: %s" % str(e))
memberof_fd.close()
self.__ldap_mod("initializing group membership", "memberof-task.ldif")
def __add_referint_module(self):
self.step("enabling referential integrity plugin")
referint_txt = ipautil.template_file(ipautil.SHARE_DIR + "referint-conf.ldif", self.sub_dict)
referint_fd = ipautil.write_tmp_file(referint_txt)
try:
ldap_mod(referint_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
print "Failed to load referint-conf.ldif", e
referint_fd.close()
self.__ldap_mod("enabling referential integrity plugin", "referint-conf.ldif")
def __add_dna_module(self):
self.step("enabling distributed numeric assignment plugin")
dna_txt = ipautil.template_file(ipautil.SHARE_DIR + "dna-conf.ldif", self.sub_dict)
dna_fd = ipautil.write_tmp_file(dna_txt)
try:
ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
print "Failed to load dna-conf.ldif", e
dna_fd.close()
self.__ldap_mod("enabling distributed numeric assignment plugin", "dna-conf.ldif")
def __config_uidgid_gen_first_master(self):
self.step("configuring Posix uid/gid generation as first master")
dna_txt = ipautil.template_file(ipautil.SHARE_DIR + "dna-posix.ldif", self.sub_dict)
dna_fd = ipautil.write_tmp_file(dna_txt)
try:
ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
print "Failed to configure Posix uid/gid generation with dna-posix.ldif", e
dna_fd.close()
self.__ldap_mod("configuring Posix uid/gid generation as first master", "dna-posix.ldif")
def __add_master_entry_first_master(self):
self.step("adding master entry as first master")
master_txt = ipautil.template_file(ipautil.SHARE_DIR + "master-entry.ldif", self.sub_dict)
master_fd = ipautil.write_tmp_file(master_txt)
try:
ldap_mod(master_fd, "cn=Directory Manager", self.dm_password)
except ipautil.CalledProcessError, e:
print "Failed to add master-entry.ldif", e
master_fd.close()
self.__ldap_mod("adding master entry as first master", "master-entry.ldif")
def __enable_ssl(self):
self.step("configuring ssl for ds instance")
@ -324,31 +294,10 @@ class DsInstance(service.Service):
conn.unbind()
def __add_default_layout(self):
self.step("adding default layout")
txt = ipautil.template_file(ipautil.SHARE_DIR + "bootstrap-template.ldif", self.sub_dict)
inf_fd = ipautil.write_tmp_file(txt)
logging.debug("adding default dfrom ipa.ipautil import *s layout")
args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
"-w", self.dm_password, "-f", inf_fd.name]
try:
ipautil.run(args)
logging.debug("done adding default ds layout")
except ipautil.CalledProcessError, e:
print "Failed to add default ds layout", e
logging.critical("Failed to add default ds layout %s" % e)
self.__ldap_mod("adding default layout", "bootstrap-template.ldif")
def __create_indeces(self):
self.step("creating indeces")
txt = ipautil.template_file(ipautil.SHARE_DIR + "indeces.ldif", self.sub_dict)
inf_fd = ipautil.write_tmp_file(txt)
logging.debug("adding/updating indeces")
args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
"-w", self.dm_password, "-f", inf_fd.name]
try:
ipautil.run(args)
logging.debug("done adding/updating indeces")
except ipautil.CalledProcessError, e:
logging.critical("Failed to add/update indeces %s" % str(e))
self.__ldap_mod("creating indeces", "indeces.ldif")
def __certmap_conf(self):
self.step("configuring certmap.conf")

View File

@ -52,10 +52,6 @@ def host_to_domain(fqdn):
s = fqdn.split(".")
return ".".join(s[1:])
def ldap_mod(fd, dn, pwd):
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
ipautil.run(args)
def update_key_val_in_file(filename, key, val):
if os.path.exists(filename):
pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
@ -139,7 +135,7 @@ class KrbInstance(service.Service):
self.__common_setup(ds_user, realm_name, host_name, admin_password)
self.start_creation(11, "Configuring Kerberos KDC")
self.start_creation(12, "Configuring Kerberos KDC")
self.__configure_kdc_account_password()
self.__configure_sasl_mappings()
@ -195,6 +191,22 @@ class KrbInstance(service.Service):
HOST=self.host,
REALM=self.realm)
def __ldap_mod(self, step, ldif):
self.step(step)
txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
fd = ipautil.write_tmp_file(txt)
args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
"-D", "cn=Directory Manager", "-w", self.admin_password, "-f", fd.name]
try:
ipautil.run(args)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load %s: %s" % (ldif, str(e)))
fd.close()
def __configure_sasl_mappings(self):
self.step("adding sasl mappings to the directory")
# we need to remove any existing SASL mappings in the directory as otherwise they
@ -246,25 +258,10 @@ class KrbInstance(service.Service):
raise e
def __add_krb_entries(self):
self.step("adding kerberos entries to the DS")
#TODO: test that the ldif is ok with any random charcter we may use in the password
kerberos_txt = ipautil.template_file(ipautil.SHARE_DIR + "kerberos.ldif", self.sub_dict)
kerberos_fd = ipautil.write_tmp_file(kerberos_txt)
try:
ldap_mod(kerberos_fd, "cn=Directory Manager", self.admin_password)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load kerberos.ldif: %s" % str(e))
kerberos_fd.close()
self.__ldap_mod("adding kerberos entries to the DS", "kerberos.ldif")
#Change the default ACL to avoid anonimous access to kerberos keys and othe hashes
aci_txt = ipautil.template_file(ipautil.SHARE_DIR + "default-aci.ldif", self.sub_dict)
aci_fd = ipautil.write_tmp_file(aci_txt)
try:
ldap_mod(aci_fd, "cn=Directory Manager", self.admin_password)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load default-aci.ldif: %s" % str(e))
aci_fd.close()
self.__ldap_mod("adding defalt ACIs", "default-aci.ldif")
def __create_instance(self, replica=False):
self.step("configuring KDC")
@ -325,14 +322,7 @@ class KrbInstance(service.Service):
#add the password extop module
def __add_pwd_extop_module(self):
self.step("adding the password extenstion to the directory")
extop_txt = ipautil.template_file(ipautil.SHARE_DIR + "pwd-extop-conf.ldif", self.sub_dict)
extop_fd = ipautil.write_tmp_file(extop_txt)
try:
ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
except ipautil.CalledProcessError, e:
logging.critical("Failed to load pwd-extop-conf.ldif: %s" % str(e))
extop_fd.close()
self.__ldap_mod("adding the password extenstion to the directory", "pwd-extop-conf.ldif")
#get the Master Key from the stash file
try: