Refuse PORT, HOST in /etc/openldap/ldap.conf

OpenLDAP has deprecated PORT and HOST stanzes in ldap.conf. The presence of either option causes FreeIPA installation to fail. Refuse installation when a deprecated and unsupported option is present. Fixes: https://pagure.io/freeipa/issue/7418 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-05-24 11:21:54 +02:00
parent 829998b19b
commit 172df673dd
4 changed files with 69 additions and 0 deletions
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -20,6 +20,7 @@ import getpass
 import gssapi
 import netifaces
 import os
+import re
 import SSSDConfig
 import shutil
 import socket
@@ -201,6 +202,31 @@ def nssldap_exists():
    return (retval, files_found)


+def check_ldap_conf(conf=paths.OPENLDAP_LDAP_CONF,
+                    error_rval=CLIENT_INSTALL_ERROR):
+    if not os.path.isfile(conf):
+        return False
+
+    pat = re.compile(r"^\s*(PORT|HOST).*")
+    unsupported = set()
+
+    with open(conf) as f:
+        for line in f:
+            mo = pat.match(line)
+            if mo is not None:
+                unsupported.add(mo.group(1))
+
+    if unsupported:
+        raise ScriptError(
+            "'{}' contains deprecated and unsupported entries: {}".format(
+                conf, ", ".join(sorted(unsupported))
+            ),
+            rval=error_rval
+        )
+    else:
+        return True
+
+
 def delete_ipa_domain():
    """Helper function for uninstall.
    Deletes IPA domain from sssd.conf
@@ -2008,6 +2034,8 @@ def install_check(options):
            "using 'ipa-client-install --uninstall'.")
        raise ScriptError(rval=CLIENT_ALREADY_CONFIGURED)

+    check_ldap_conf()
+
    if options.conf_ntp:
        try:
            timeconf.check_timedate_services()