Configure a basic ldap.conf for OpenLDAP in /etc/openldap/ldap.conf

Set URI, BASE and TLS_CACERT Also update the man page to include a list of files that the client changes. https://fedorahosted.org/freeipa/ticket/1810
2025-02-25 18:55:28 -06:00 · 2012-01-31 22:44:20 -05:00 · 2012-01-31 22:44:20 -05:00 · 14975cdcdd
commit 14975cdcdd
parent 97e440bf4b
2 changed files with 52 additions and 1 deletions
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -547,6 +547,22 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,

    return (0, 'NSLCD', ', '.join(files))

+def configure_openldap_conf(fstore, cli_basedn, cli_server):
+    ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+    ldapconf.setOptionAssignment(" ")
+
+    opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
+            {'name':'empty', 'type':'empty'},
+            {'name':'URI', 'type':'option', 'value':'ldaps://'+  cli_server},
+            {'name':'BASE', 'type':'option', 'value':cli_basedn},
+            {'name':'TLS_CACERT', 'type':'option', 'value':'/etc/ipa/ca.crt'},
+            {'name':'empty', 'type':'empty'}]
+
+    target_fname = '/etc/openldap/ldap.conf'
+    fstore.backup_file(target_fname)
+    ldapconf.newConf(target_fname, opts)
+    os.chmod(target_fname, 0644)
+
 def hardcode_ldap_server(cli_server):
    """
    DNS Discovery didn't return a valid IPA server, hardcode a value into
@ -1451,6 +1467,9 @@ def install(options, env, fstore, statestore):
                if conf:
                    print "%s configured using configuration file(s) %s" % (conf, filename)

+        configure_openldap_conf(fstore, cli_basedn, cli_server)
+        print "Configured /etc/openldap/ldap.conf"
+
        #Check that nss is working properly
        if not options.on_master:
            n = 0
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@ -110,7 +110,7 @@ possible due to SSSDConfig reader encountering unsupported options,
 \fBipa\-client\-install\fR will not run further and ask to fix SSSD config
 first. When this option is not specified, \fBipa\-client\-install\fR will back
 up SSSD config and create new one. The back up version will be restored during
-uninstall. 
+uninstall.

 .SS "UNINSTALL OPTIONS"
 .TP
@ -120,6 +120,38 @@ Remove the IPA client software and restore the configuration to the pre\-IPA sta
 \fB\-U\fR, \fB\-\-unattended\fR
 Unattended uninstallation. The user will not be prompted.

+.SH "FILES"
+.TP
+Files that will be replaced if SSSD is configured (default):
+
+/etc/sssd/sssd.conf\p
+.TP
+Files that will be replaced if they exist and SSSD is not configured (\-\-no\-sssd):
+
+/etc/ldap.conf\p
+/etc/nss_ldap.conf\p
+/etc/libnss\-ldap.conf\p
+/etc/pam_ldap.conf\p
+/etc/nslcd.conf\p
+.TP
+Files replaced if NTP is enabled:
+
+/etc/ntp.conf\p
+/etc/sysconfig/ntpd\p
+/etc/ntp/step\-tickers\p
+.TP
+Files always created (replacing existing content):
+
+/etc/krb5.conf\p
+/etc/ipa/ca.crt\p
+/etc/ipa/default.conf\p
+/etc/openldap/ldap.conf\p
+.TP
+Files updated, existing content is maintained:
+
+/etc/pki/nssdb\p
+/etc/krb5.keytab\p
+/etc/sysconfig/network\p
 .SH "EXIT STATUS"
 0 if the installation was successful