Move sasl mappings creation to dsinstance

Sasl mappings can be created directly by the DS Instance, there is no reason to create them in the krbinstance as they do not depend on the kdc to be configured just to be created. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-01-27 16:46:42 -06:00 · 2015-07-05 07:18:25 -04:00 · 2015-07-05 07:18:25 -04:00 · 20dc3a4c3f
commit 20dc3a4c3f
parent 23b91dddd9
2 changed files with 51 additions and 48 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -354,6 +354,7 @@ class DsInstance(service.Service):
        self.__common_setup(True)

        self.step("setting up initial replication", self.__setup_replica)
+        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
        self.step("updating schema", self.__update_schema)
        # See LDIFs for automember configuration during replica install
        self.step("setting Auto Member configuration", self.__add_replica_automember_config)
@ -378,6 +379,56 @@ class DsInstance(service.Service):
                               r_bindpw=self.dm_password)
        self.run_init_memberof = repl.needs_memberof_fixup()

+
+    def __configure_sasl_mappings(self):
+        # we need to remove any existing SASL mappings in the directory as otherwise they
+        # they may conflict.
+
+        if not self.admin_conn:
+            self.ldap_connect()
+
+        try:
+            res = self.admin_conn.get_entries(
+                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
+                self.admin_conn.SCOPE_ONELEVEL,
+                "(objectclass=nsSaslMapping)")
+            for r in res:
+                try:
+                    self.admin_conn.delete_entry(r)
+                except Exception, e:
+                    root_logger.critical(
+                        "Error during SASL mapping removal: %s", e)
+                    raise
+        except Exception, e:
+            root_logger.critical("Error while enumerating SASL mappings %s", e)
+            raise
+
+        entry = self.admin_conn.make_entry(
+            DN(
+                ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
+                ('cn', 'config')),
+            objectclass=["top", "nsSaslMapping"],
+            cn=["Full Principal"],
+            nsSaslMapRegexString=['\(.*\)@\(.*\)'],
+            nsSaslMapBaseDNTemplate=[self.suffix],
+            nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
+            nsSaslMapPriority=['10'],
+        )
+        self.admin_conn.add_entry(entry)
+
+        entry = self.admin_conn.make_entry(
+            DN(
+                ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
+                ('cn', 'config')),
+            objectclass=["top", "nsSaslMapping"],
+            cn=["Name Only"],
+            nsSaslMapRegexString=['^[^:@]+$'],
+            nsSaslMapBaseDNTemplate=[self.suffix],
+            nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
+            nsSaslMapPriority=['10'],
+        )
+        self.admin_conn.add_entry(entry)
+
    def __update_schema(self):
        # FIXME: https://fedorahosted.org/389/ticket/47490
        self._ldap_mod("schema-update.ldif")
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@ -150,7 +150,6 @@ class KrbInstance(service.Service):

        self.__common_setup(realm_name, host_name, domain_name, admin_password)

-        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
        self.step("adding kerberos container to the directory", self.__add_krb_container)
        self.step("configuring KDC", self.__configure_instance)
        self.step("initialize kerberos container", self.__init_ipa_kdb)
@ -180,7 +179,6 @@ class KrbInstance(service.Service):

        self.__common_setup(realm_name, host_name, domain_name, admin_password)

-        self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
        self.step("configuring KDC", self.__configure_instance)
        self.step("creating a keytab for the directory", self.__create_ds_keytab)
        self.step("creating a keytab for the machine", self.__create_host_keytab)
@ -245,52 +243,6 @@ class KrbInstance(service.Service):
            root_logger.debug("Persistent keyring CCACHE is not enabled")
            self.sub_dict['OTHER_LIBDEFAULTS'] = ''

-    def __configure_sasl_mappings(self):
-        # we need to remove any existing SASL mappings in the directory as otherwise they
-        # they may conflict.
-
-        try:
-            res = self.admin_conn.get_entries(
-                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
-                self.admin_conn.SCOPE_ONELEVEL,
-                "(objectclass=nsSaslMapping)")
-            for r in res:
-                try:
-                    self.admin_conn.delete_entry(r)
-                except Exception as e:
-                    root_logger.critical(
-                        "Error during SASL mapping removal: %s", e)
-                    raise
-        except Exception as e:
-            root_logger.critical("Error while enumerating SASL mappings %s", e)
-            raise
-
-        entry = self.admin_conn.make_entry(
-            DN(
-                ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
-                ('cn', 'config')),
-            objectclass=["top", "nsSaslMapping"],
-            cn=["Full Principal"],
-            nsSaslMapRegexString=['\(.*\)@\(.*\)'],
-            nsSaslMapBaseDNTemplate=[self.suffix],
-            nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
-            nsSaslMapPriority=['10'],
-        )
-        self.admin_conn.add_entry(entry)
-
-        entry = self.admin_conn.make_entry(
-            DN(
-                ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
-                ('cn', 'config')),
-            objectclass=["top", "nsSaslMapping"],
-            cn=["Name Only"],
-            nsSaslMapRegexString=['^[^:@]+$'],
-            nsSaslMapBaseDNTemplate=[self.suffix],
-            nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
-            nsSaslMapPriority=['10'],
-        )
-        self.admin_conn.add_entry(entry)
-
    def __add_krb_container(self):
        self._ldap_mod("kerberos.ldif", self.sub_dict)