Configure a basic ldap.conf for OpenLDAP in /etc/openldap/ldap.conf

Set URI, BASE and TLS_CACERT

Also update the man page to include a list of files that the client
changes.

https://fedorahosted.org/freeipa/ticket/1810
Rob Crittenden 2012-01-31 22:44:20 -05:00
parent 97e440bf4b
commit 14975cdcdd
2 changed files with 52 additions and 1 deletions


@ -547,6 +547,22 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
return (0, 'NSLCD', ', '.join(files)) return (0, 'NSLCD', ', '.join(files))
def configure_openldap_conf(fstore, cli_basedn, cli_server):
ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
ldapconf.setOptionAssignment(" ")
opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
{'name':'empty', 'type':'empty'},
{'name':'URI', 'type':'option', 'value':'ldaps://'+ cli_server},
{'name':'BASE', 'type':'option', 'value':cli_basedn},
{'name':'TLS_CACERT', 'type':'option', 'value':'/etc/ipa/ca.crt'},
{'name':'empty', 'type':'empty'}]
target_fname = '/etc/openldap/ldap.conf'
fstore.backup_file(target_fname)
ldapconf.newConf(target_fname, opts)
os.chmod(target_fname, 0644)
def hardcode_ldap_server(cli_server): def hardcode_ldap_server(cli_server):
""" """
DNS Discovery didn't return a valid IPA server, hardcode a value into DNS Discovery didn't return a valid IPA server, hardcode a value into
@ -1451,6 +1467,9 @@ def install(options, env, fstore, statestore):
if conf: if conf:
print "%s configured using configuration file(s) %s" % (conf, filename) print "%s configured using configuration file(s) %s" % (conf, filename)
configure_openldap_conf(fstore, cli_basedn, cli_server)
print "Configured /etc/openldap/ldap.conf"
#Check that nss is working properly #Check that nss is working properly
if not options.on_master: if not options.on_master:
n = 0 n = 0
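Review bot: The new call to `configure_openldap_conf(fstore, cli_basedn, cli_server)` in install() is unguarded, so an IOError or OSError from `fstore.backup_file()`, `ldapconf.newConf()` or `os.chmod()` would propagate out of install() after earlier configuration steps have already run. I would wrap the call in a `try` with `except (IOError, OSError), e:` that reports which file could not be written, and print "Configured /etc/openldap/ldap.conf" only on the success path. Because the file is replaced wholesale and the URI is `ldaps://`, consider adding `{'name':'TLS_REQCERT', 'type':'option', 'value':'demand'}` to `opts` so that certificate verification against /etc/ipa/ca.crt is stated in the file rather than left to the library default. The function also has no docstring, unlike hardcode_ldap_server() just below it; one line such as `"""Write a minimal /etc/openldap/ldap.conf (URI, BASE, TLS_CACERT), backing up any existing file."""` would do. Indentation is lost in this rendering, so I cannot confirm whether the call sits inside the `if conf:` block, and install() continues outside the hunk.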


@ -110,7 +110,7 @@ possible due to SSSDConfig reader encountering unsupported options,
\fBipa\-client\-install\fR will not run further and ask to fix SSSD config \fBipa\-client\-install\fR will not run further and ask to fix SSSD config
first. When this option is not specified, \fBipa\-client\-install\fR will back first. When this option is not specified, \fBipa\-client\-install\fR will back
up SSSD config and create new one. The back up version will be restored during up SSSD config and create new one. The back up version will be restored during
uninstall. uninstall.
.SS "UNINSTALL OPTIONS" .SS "UNINSTALL OPTIONS"
.TP .TP
@ -120,6 +120,38 @@ Remove the IPA client software and restore the configuration to the pre\-IPA sta
\fB\-U\fR, \fB\-\-unattended\fR \fB\-U\fR, \fB\-\-unattended\fR
Unattended uninstallation. The user will not be prompted. Unattended uninstallation. The user will not be prompted.
.SH "FILES"
.TP
Files that will be replaced if SSSD is configured (default):
/etc/sssd/sssd.conf\p
.TP
Files that will be replaced if they exist and SSSD is not configured (\-\-no\-sssd):
/etc/ldap.conf\p
/etc/nss_ldap.conf\p
/etc/libnss\-ldap.conf\p
/etc/pam_ldap.conf\p
/etc/nslcd.conf\p
.TP
Files replaced if NTP is enabled:
/etc/ntp.conf\p
/etc/sysconfig/ntpd\p
/etc/ntp/step\-tickers\p
.TP
Files always created (replacing existing content):
/etc/krb5.conf\p
/etc/ipa/ca.crt\p
/etc/ipa/default.conf\p
/etc/openldap/ldap.conf\p
.TP
Files updated, existing content is maintained:
/etc/pki/nssdb\p
/etc/krb5.keytab\p
/etc/sysconfig/network\p
.SH "EXIT STATUS" .SH "EXIT STATUS"
0 if the installation was successful 0 if the installation was successful