checkpoint radius client work

2025-02-25 18:55:28 -06:00 · 2007-11-13 13:06:18 -05:00
parent f36872383c 24d5777bd6
commit 152f8e3392
16 changed files with 424 additions and 14 deletions
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -84,6 +84,7 @@ class DsInstance(service.Service):
        self.__add_default_schemas()
        self.__add_memberof_module()
        self.__add_referint_module()
+        self.__add_dna_module()
        self.__create_indeces()
        self.__enable_ssl()
        self.__certmap_conf()
@@ -93,7 +94,10 @@ class DsInstance(service.Service):
        except:
            # TODO: roll back here?
            logging.critical("Failed to restart the ds instance")
+	self.__config_uidgid_gen_first_master()
        self.__add_default_layout()
+	self.__add_master_entry_first_master()
+

        self.step("configuring directoy to start on boot")
        self.chkconfig_on()
@@ -183,6 +187,36 @@ class DsInstance(service.Service):
            print "Failed to load referint-conf.ldif", e
        referint_fd.close()

+    def __add_dna_module(self):
+        self.step("enabling distributed numeric assignment plugin")
+        dna_txt = template_file(SHARE_DIR + "dna-conf.ldif", self.sub_dict)
+        dna_fd = write_tmp_file(dna_txt)
+        try:
+            ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
+        except subprocess.CalledProcessError, e:
+            print "Failed to load dna-conf.ldif", e
+        dna_fd.close()
+
+    def __config_uidgid_gen_first_master(self):
+        self.step("configuring Posix uid/gid generation as first master")
+        dna_txt = template_file(SHARE_DIR + "dna-posix.ldif", self.sub_dict)
+        dna_fd = write_tmp_file(dna_txt)
+        try:
+            ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password)
+        except subprocess.CalledProcessError, e:
+            print "Failed to configure Posix uid/gid generation with dna-posix.ldif", e
+        dna_fd.close()
+
+    def __add_master_entry_first_master(self):
+        self.step("adding master entry as first master")
+        master_txt = template_file(SHARE_DIR + "master-entry.ldif", self.sub_dict)
+        master_fd = write_tmp_file(master_txt)
+        try:
+            ldap_mod(master_fd, "cn=Directory Manager", self.dm_password)
+        except subprocess.CalledProcessError, e:
+            print "Failed to add master-entry.ldif", e
+        master_fd.close()
+
    def __enable_ssl(self):
        self.step("configuring ssl for ds instance")
        dirname = self.config_dirname()
--- a/ipa-server/ipaserver/radiusinstance.py
+++ b/ipa-server/ipaserver/radiusinstance.py
@@ -51,6 +51,10 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer

 #-------------------------------------------------------------------------------

+def ldap_mod(fd, dn, pwd):
+    args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name]
+    run(args)
+
 def get_radius_version():
    version = None
    try:
@@ -160,6 +164,17 @@ class RadiusInstance(service.Service):
        except Exception, e:
            logging.error("could not chown on %s to %s: %s", IPA_KEYTAB_FILEPATH, RADIUS_USER, e)

+    def __set_ldap_encrypted_attributes(self):
+        ldif_file = 'encrypted_attribute.ldif'
+        self.step("setting ldap encrypted attributes")
+        ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret')
+        ldif_fd = write_tmp_file(ldif_txt)
+        try:
+            ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)
+        except subprocess.CalledProcessError, e:
+            logging.critical("Failed to load %s: %s" % (ldif_file, str(e)))
+        ldif_fd.close()
+
 #-------------------------------------------------------------------------------

 # FIXME: this should be in a common area so it can be shared