Allow ipa-dns-install to install with just admin credentials

Do this by creating a common way to attach to the ldap server for each instance. Fixes: https://fedorahosted.org/freeipa/ticket/686
2025-02-25 18:55:28 -06:00 · 2011-01-05 07:46:30 -05:00
parent 56f000e9a9
commit 21bf175e0c
6 changed files with 81 additions and 89 deletions
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -217,7 +217,6 @@ class BindInstance(service.Service):
        service.Service.__init__(self, "named", dm_password=dm_password)
        self.dns_backup = DnsBackup(self)
        self.named_user = None
-        self.fqdn = None
        self.domain = None
        self.host = None
        self.ip_address = None
@@ -270,6 +269,9 @@ class BindInstance(service.Service):
        except:
            pass

+        # get a connection to the DS
+        self.ldap_connect()
+
        if not dns_container_exists(self.fqdn, self.suffix):
            self.step("adding DNS container", self.__setup_dns_container)
        if not dns_zone_exists(self.domain):
@@ -384,30 +386,19 @@ class BindInstance(service.Service):
        # it can host the memberof attribute, then also add it to the
        # dnsserver role group, this way the DNS is allowed to perform
        # DNS Updates
-        conn = None
-
-        try:
-            conn = ipaldap.IPAdmin("127.0.0.1")
-            conn.simple_bind_s("cn=directory manager", self.dm_password)
-        except Exception, e:
-            logging.critical("Could not connect to the Directory Server on %s" % self.fqdn)
-            raise e
-
        dns_group = "cn=dnsserver,cn=privileges,cn=pbac,%s" % self.suffix
        if isinstance(dns_principal, unicode):
            dns_principal = dns_principal.encode('utf-8')
        mod = [(ldap.MOD_ADD, 'member', dns_principal)]

        try:
-            conn.modify_s(dns_group, mod)
+            self.admin_conn.modify_s(dns_group, mod)
        except ldap.TYPE_OR_VALUE_EXISTS:
            pass
        except Exception, e:
            logging.critical("Could not modify principal's %s entry" % dns_principal)
            raise e

-        conn.unbind()
-
    def __setup_named_conf(self):
        self.fstore.backup_file('/etc/named.conf')
        named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict)