	Use ldap2 instead of legacy LDAP code from v1 in installer scripts.
					committed by
					
						 Rob Crittenden
						Rob Crittenden
					
				
			
			
				
	
			
			
			
						parent
						
							cc336cf9c1
						
					
				
				
					commit
					3620135ec9
				
			| @@ -22,12 +22,11 @@ | ||||
| import sys | ||||
| try: | ||||
|     from optparse import OptionParser | ||||
|     from ipaserver import ipaldap | ||||
|     from ipapython import entity, ipautil, config | ||||
|     from ipaserver.install import installutils | ||||
|     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR | ||||
|     from ipaserver.plugins.ldap2 import ldap2 | ||||
|     from ipalib import errors | ||||
|     import ldap | ||||
|     import logging | ||||
|     import re | ||||
|     import krbV | ||||
| @@ -95,26 +94,29 @@ def main(): | ||||
|     else: | ||||
|         dirman_password = get_dirman_password() | ||||
|  | ||||
|     conn = None | ||||
|     try: | ||||
|         ldapuri = 'ldap://%s' % installutils.get_fqdn() | ||||
|         try: | ||||
|             conn = ipaldap.IPAdmin(installutils.get_fqdn()) | ||||
|             conn.do_simple_bind(bindpw=dirman_password) | ||||
|         except ldap.LDAPError, e: | ||||
|             conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') | ||||
|             conn.connect( | ||||
|                 bind_dn='cn=directory manager', bind_pw=dirman_password | ||||
|             ) | ||||
|         except errors.LDAPError, e: | ||||
|             print "An error occurred while connecting to the server." | ||||
|             print "%s" % e[0]['desc'] | ||||
|             print e | ||||
|             return 1 | ||||
|  | ||||
|         if args[0] == "enable": | ||||
|             try: | ||||
|                 conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config", | ||||
|                               ldap.SCOPE_BASE, "(objectclass=*)") | ||||
|                 conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config') | ||||
|                 print "Plugin already Enabled" | ||||
|                 retval = 2 | ||||
|             except errors.NotFound: | ||||
|                 print "Enabling plugin" | ||||
|             except ldap.LDAPError, e: | ||||
|             except errors.LDAPError, e: | ||||
|                 print "An error occurred while talking to the server." | ||||
|                 print "%s" % e[0]['desc'] | ||||
|                 print e | ||||
|                 retval = 1 | ||||
|  | ||||
|             if retval == 0: | ||||
| @@ -127,17 +129,15 @@ def main(): | ||||
|             # Make a quick hack foir now, directly delete the entries by name, | ||||
|             # In future we should add delete capabilites to LDAPUpdate | ||||
|             try: | ||||
|                 conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config", | ||||
|                               ldap.SCOPE_BASE, "(objectclass=*)") | ||||
|                 conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config") | ||||
|                 conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config") | ||||
|                 conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config") | ||||
|                 conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config') | ||||
|                 conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config') | ||||
|                 conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config') | ||||
|             except errors.NotFound: | ||||
|                 print "Plugin is already disabled" | ||||
|                 retval = 2 | ||||
|             except ldap.LDAPError, e: | ||||
|             except errors.LDAPError, e: | ||||
|                 print "An error occurred while talking to the server." | ||||
|                 print "%s" % e[0]['desc'] | ||||
|                 print e | ||||
|                 retval = 1 | ||||
|  | ||||
|         else: | ||||
| @@ -145,7 +145,7 @@ def main(): | ||||
|  | ||||
|     finally: | ||||
|         if conn: | ||||
|             conn.unbind() | ||||
|             conn.disconnect() | ||||
|  | ||||
|     return retval | ||||
|  | ||||
| @@ -167,6 +167,6 @@ except config.IPAConfigError, e: | ||||
|     print "An IPA server to update cannot be found. Has one been configured yet?" | ||||
|     print "The error was: %s" % e | ||||
|     sys.exit(1) | ||||
| except ldap.LDAPError, e: | ||||
| except errors.LDAPError, e: | ||||
|     print "An error occurred while performing operations: %s" % e | ||||
|     sys.exit(1) | ||||
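Review bot: The new `except errors.LDAPError, e:` at the connect site no longer covers a rejected Directory Manager password: the other scripts in this same commit add a separate `except errors.ACIError:` for exactly that case (ipa-dns-install, ipa-replica-install, ipa-replica-prepare), and if ldap2 raises ACIError for a bad bind as those handlers indicate, a wrong password here escapes both this handler and the module-level `except errors.LDAPError, e:` and ends in a traceback instead of the "incorrect password" message. Because `conn` is assigned before `connect()` raises, the `finally` then calls `disconnect()` on an instance that never connected; whether ldap2 tolerates that is not visible in this hunk. Suggest `except (errors.ACIError, errors.LDAPError), e:` at the connect site and in the module footer, or a dedicated `except errors.ACIError:` that reports the password was rejected and returns 1. main() and its try/finally extend outside the hunks shown.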
|   | ||||
| @@ -22,13 +22,12 @@ | ||||
| from optparse import OptionParser | ||||
| import traceback | ||||
|  | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
| from ipaserver.install import bindinstance, ntpinstance | ||||
| from ipaserver.install.installutils import * | ||||
| from ipapython import version | ||||
| from ipapython import ipautil, sysrestore | ||||
| from ipalib import api, util | ||||
| import ldap | ||||
| from ipalib import api, errors, util | ||||
|  | ||||
| def parse_options(): | ||||
|     parser = OptionParser(version=version.VERSION) | ||||
| @@ -134,14 +133,15 @@ def main(): | ||||
|         dm_password = options.dm_password | ||||
|  | ||||
|     # Try out the password | ||||
|     ldapuri = 'ldap://%s' % api.env.host | ||||
|     try: | ||||
|         conn = ipaldap.IPAdmin(api.env.host) | ||||
|         conn.do_simple_bind(bindpw=dm_password) | ||||
|         conn.unbind() | ||||
|     except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) | ||||
|     except ldap.INVALID_CREDENTIALS, e : | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri) | ||||
|         conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) | ||||
|         conn.disconnect() | ||||
|     except errors.ACIError: | ||||
|         sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host) | ||||
|     except errors.LDAPError: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) | ||||
|  | ||||
|     conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled() | ||||
|  | ||||
|   | ||||
| @@ -25,13 +25,10 @@ try: | ||||
|     import ipapython.ipautil | ||||
|  | ||||
|     import krbV | ||||
|     import ldap | ||||
|  | ||||
|     from ldap import LDAPError | ||||
|     from ldap import ldapobject | ||||
|  | ||||
|     from ipalib import errors | ||||
|     from ipaclient import ipachangeconf | ||||
|     from ipaserver import ipaldap | ||||
|     from ipaserver.plugins.ldap2 import ldap2 | ||||
|  | ||||
|     from pyasn1.type import univ, namedtype | ||||
|     import pyasn1.codec.ber.encoder | ||||
| @@ -70,22 +67,24 @@ def parse_options(): | ||||
|  | ||||
| def check_vuln(realm, suffix): | ||||
|  | ||||
|     ldapuri = 'ldap://127.0.0.1' | ||||
|     try: | ||||
|         conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/") | ||||
|         conn.simple_bind() | ||||
|         msgid = conn.search("cn="+realm+",cn=kerberos,"+suffix, | ||||
|                             ldap.SCOPE_BASE, | ||||
|                             "(objectclass=krbRealmContainer)", | ||||
|                             ("krbmkey", "cn")) | ||||
|         res = conn.result(msgid) | ||||
|         conn.unbind() | ||||
|  | ||||
|         if len(res) != 2: | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) | ||||
|         conn.connect() | ||||
|         try: | ||||
|             (entries, truncated) = conn.find_entries( | ||||
|                 filter='(objectclass=krbRealmContainer)', | ||||
|                 attrs_list=('krbmkey', 'cn'), scope=ldap2.SCOPE_BASE, | ||||
|                 base_dn='cn=%s,cn=kerberos' % realm | ||||
|             ) | ||||
|         except errors.NotFound: | ||||
|             err = 'Realm Container not found, unable to proceed' | ||||
|             print err | ||||
|             raise Exception, err | ||||
|         finally: | ||||
|             conn.disconnect() | ||||
|  | ||||
|         if 'krbmkey' in res[1][0][1]: | ||||
|         if 'krbmkey' in entries[0][1]: | ||||
|             print 'System vulnerable' | ||||
|             return 1 | ||||
|         else: | ||||
| @@ -185,9 +184,10 @@ def change_mkey(password = None, quiet = False): | ||||
|         password = getpass.getpass("Directory Manager password: ") | ||||
|  | ||||
|     # get a connection to the DS | ||||
|     ldapuri = 'ldap://%s' % ipapython.config.config.default_server[0] | ||||
|     try: | ||||
|         conn = ipaldap.IPAdmin(ipapython.config.config.default_server[0]) | ||||
|         conn.do_simple_bind(bindpw=password) | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) | ||||
|         conn.connect(bind_dn='cn=directory manager', bind_pw=password) | ||||
|     except Exception, e: | ||||
|         print "ERROR: Could not connect to the Directory Server on "+ipapython.config.config.default_server[0]+" ("+str(e)+")" | ||||
|         return 1 | ||||
| @@ -298,8 +298,8 @@ def change_mkey(password = None, quiet = False): | ||||
|         asn1key = pyasn1.codec.ber.encoder.encode(krbMKey) | ||||
|  | ||||
|         dn = "cn="+realm+",cn=kerberos,"+suffix | ||||
|         mod = [(ldap.MOD_REPLACE, 'krbMKey', str(asn1key))] | ||||
|         conn.modify_s(dn, mod) | ||||
|         mod = {'krbmkey': str(asn1key)} | ||||
|         conn.update_entry(dn, mod) | ||||
|     except Exception, e: | ||||
|         print "ERROR: Failed to upload the Master Key from the Stash file: "+newstashfile+" ("+str(e)+")" | ||||
|         return 1 | ||||
| @@ -459,16 +459,25 @@ def fix_main(password, realm, suffix): | ||||
|     krbMKey.setComponentByPosition(1, MasterKey) | ||||
|     asn1key = pyasn1.codec.ber.encoder.encode(krbMKey) | ||||
|  | ||||
|     dn = "cn=%s,cn=kerberos,%s" % (realm, suffix) | ||||
|     dn = 'cn=%s,cn=kerberos' % realm | ||||
|     sub_dict = dict(REALM=realm, SUFFIX=suffix) | ||||
|     #protect the master key by adding an appropriate deny rule along with the key | ||||
|     mod = [(ldap.MOD_ADD, 'aci', ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)), | ||||
|            (ldap.MOD_REPLACE, 'krbMKey', str(asn1key))] | ||||
|     conn = ldap2( | ||||
|         shared_instance=False, ldap_uri='ldap://127.0.0.1', | ||||
|         base_dn=suffix | ||||
|     ) | ||||
|     conn.connect(bind_dn='cn=directory manager', bind_pw=password) | ||||
|  | ||||
|     conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/") | ||||
|     conn.simple_bind("cn=Directory Manager", password) | ||||
|     conn.modify_s(dn, mod) | ||||
|     conn.unbind() | ||||
|     (dn, entry_attrs) = conn.get_entry(dn, ['aci']) | ||||
|  | ||||
|     entry_attrs['krbmkey'] = str(asn1key) | ||||
|     entry_attrs.setdefault('aci', []).append( | ||||
|         ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict) | ||||
|     ) | ||||
|  | ||||
|     conn.update_entry(dn, entry_attrs) | ||||
|  | ||||
|     conn.disconnect() | ||||
|  | ||||
|     print "\n" | ||||
|     print "This server is now correctly configured and the master-key has been changed and secured." | ||||
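Review bot: In fix_main the deny ACI is appended to whatever `aci` values get_entry returned without checking whether it is already present, so re-running the fix on a server that was already (or partially) fixed pushes a duplicate value, which a directory server normally rejects as "type or value exists" and which would then abort the key update together with it. Guard it with `aci = ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)` / `if aci not in entry_attrs.get('aci', []):` / `entry_attrs.setdefault('aci', []).append(aci)`. Whether the new key and its protecting ACI still land in one modify operation, as the previous single `modify_s(dn, mod)` guaranteed, depends on how update_entry builds its modlist, which is not visible here; if it issues per-attribute modifies, the ACI must be applied before `krbmkey` so the new master key is never readable unprotected, and the read-modify-write on `aci` can also drop a concurrent ACI change if the attribute is replaced wholesale. fix_main begins outside the hunk, and `conn.disconnect()` is not under `finally`, so a failure in update_entry leaves the bound Directory Manager connection to the destructor.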
|   | ||||
| @@ -26,11 +26,9 @@ | ||||
| import sys | ||||
| try: | ||||
|     from optparse import OptionParser | ||||
|     from ipaserver import ipaldap | ||||
|     from ipapython import entity, ipautil, config | ||||
|     from ipaserver.install import installutils | ||||
|     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR | ||||
|     import ldap | ||||
|     import logging | ||||
|     import re | ||||
|     import krbV | ||||
|   | ||||
| @@ -22,12 +22,11 @@ | ||||
| import sys | ||||
| try: | ||||
|     from optparse import OptionParser | ||||
|     from ipaserver import ipaldap | ||||
|     from ipapython import entity, ipautil, config | ||||
|     from ipaserver.install import installutils | ||||
|     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR | ||||
|     from ipaserver.plugins.ldap2 import ldap2 | ||||
|     from ipalib import errors | ||||
|     import ldap | ||||
|     import logging | ||||
| except ImportError: | ||||
|     print >> sys.stderr, """\ | ||||
| @@ -68,12 +67,9 @@ def get_dirman_password(): | ||||
| def get_nis_config(conn): | ||||
|     entry = None | ||||
|     try: | ||||
|         entry = conn.getEntry(nis_config_dn, ldap.SCOPE_BASE, "(objectclass=*)") | ||||
|         (dn, entry) = conn.get_entry(nis_config_dn) | ||||
|     except errors.NotFound: | ||||
|         pass | ||||
|     except ldap.LDAPError, e: | ||||
|         raise e | ||||
|  | ||||
|     return entry | ||||
|  | ||||
| def main(): | ||||
| @@ -103,22 +99,26 @@ def main(): | ||||
|     else: | ||||
|         dirman_password = get_dirman_password() | ||||
|  | ||||
|     conn = None | ||||
|     try: | ||||
|         ldapuri = 'ldap://%s' % installutils.get_fqdn() | ||||
|         try: | ||||
|             conn = ipaldap.IPAdmin(installutils.get_fqdn()) | ||||
|             conn.do_simple_bind(bindpw=dirman_password) | ||||
|         except ldap.LDAPError, e: | ||||
|             conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') | ||||
|             conn.connect( | ||||
|                 bind_dn='cn=directory manager', bind_pw=dirman_password | ||||
|             ) | ||||
|         except errors.LDAPError, e: | ||||
|             print "An error occurred while connecting to the server." | ||||
|             print "%s" % e[0]['desc'] | ||||
|             print e | ||||
|             return 1 | ||||
|  | ||||
|         if args[0] == "enable": | ||||
|             entry = None | ||||
|             try: | ||||
|                 entry = get_nis_config(conn) | ||||
|             except ldap.LDAPError, e: | ||||
|             except errors.LDAPError, e: | ||||
|                 print "An error occurred while talking to the server." | ||||
|                 print "%s" % e[0]['desc'] | ||||
|                 print e | ||||
|                 retval = 1 | ||||
|  | ||||
|             # Enable either the portmap or rpcbind service | ||||
| @@ -142,27 +142,25 @@ def main(): | ||||
|                     ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) | ||||
|                     retval = ld.update(files) | ||||
|             else: | ||||
|                 if entry.getValue('nsslapd-pluginenabled').lower() == "off": | ||||
|                 if entry.get('nsslapd-pluginenabled', '').lower() == 'off': | ||||
|                     # Already configured, just enable the plugin | ||||
|                     print "Enabling plugin" | ||||
|                     mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "on")] | ||||
|  | ||||
|                     conn.modify_s(nis_config_dn, mod) | ||||
|                     mod = {'nsslapd-pluginenabled': 'on'} | ||||
|                     conn.update_entry(nis_config_dn, mod) | ||||
|                 else: | ||||
|                     print "Plugin already Enabled" | ||||
|                     retval = 2 | ||||
|  | ||||
|         elif args[0] == "disable": | ||||
|             try: | ||||
|                 mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "off")] | ||||
|  | ||||
|                 conn.modify_s(nis_config_dn, mod) | ||||
|                 mod = {'nsslapd-pluginenabled': 'off'} | ||||
|                 conn.update_entry(nis_config_dn, mod) | ||||
|             except errors.NotFound: | ||||
|                 print "Plugin is already disabled" | ||||
|                 retval = 2 | ||||
|             except ldap.LDAPError, e: | ||||
|             except errors.LDAPError, e: | ||||
|                 print "An error occurred while talking to the server." | ||||
|                 print "%s" % e[0]['desc'] | ||||
|                 print e | ||||
|                 retval = 1 | ||||
|  | ||||
|         else: | ||||
| @@ -176,7 +174,7 @@ def main(): | ||||
|  | ||||
|     finally: | ||||
|         if conn: | ||||
|             conn.unbind() | ||||
|             conn.disconnect() | ||||
|  | ||||
|     return retval | ||||
|  | ||||
| @@ -198,6 +196,6 @@ except config.IPAConfigError, e: | ||||
|     print "An IPA server to update cannot be found. Has one been configured yet?" | ||||
|     print "The error was: %s" % e | ||||
|     sys.exit(1) | ||||
| except ldap.LDAPError, e: | ||||
| except errors.LDAPError, e: | ||||
|     print "An error occurred while performing operations: %s" % e | ||||
|     sys.exit(1) | ||||
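Review bot: `entry.get('nsslapd-pluginenabled', '').lower()` assumes a scalar value, but elsewhere in this same commit ldap2 attribute values are treated as lists (`entry_attrs.get('ipacertificatesubjectbase', [None])[0]` in ipa-replica-prepare); if get_entry returns `['off']` here, `.lower()` raises AttributeError on the enable path for an already-configured plugin, which is the path that used to work through `entry.getValue(...)`. Suggest `if entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':`, or normalizing the value inside get_nis_config. Separately, as in ipa-compat-manage, a rejected Directory Manager password is not caught by `except errors.LDAPError, e:` at the connect site if ldap2 raises `errors.ACIError` for it, as the ACIError handlers added to the other scripts in this commit indicate. main() and its try/finally extend outside the hunks shown.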
|   | ||||
| @@ -23,15 +23,14 @@ import socket | ||||
|  | ||||
| import tempfile, os, pwd, traceback, logging, shutil | ||||
| from ConfigParser import SafeConfigParser | ||||
| import ldap | ||||
|  | ||||
| from ipapython import ipautil | ||||
|  | ||||
| from ipaserver.install import dsinstance, replication, installutils, krbinstance, service | ||||
| from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
| from ipapython import version | ||||
| from ipalib import api, util | ||||
| from ipalib import api, errors, util | ||||
|  | ||||
| CACERT="/usr/share/ipa/html/ca.crt" | ||||
|  | ||||
| @@ -300,16 +299,17 @@ def main(): | ||||
|     config.dir = dir | ||||
|  | ||||
|     # Try out the password | ||||
|     ldapuri = 'ldap://%s' % config.master_host_name | ||||
|     try: | ||||
|         conn = ipaldap.IPAdmin(config.master_host_name) | ||||
|         conn.do_simple_bind(bindpw=config.dirman_password) | ||||
|         conn.unbind() | ||||
|     except ldap.CONNECT_ERROR, e: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name) | ||||
|     except ldap.SERVER_DOWN, e: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name) | ||||
|     except ldap.INVALID_CREDENTIALS, e : | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') | ||||
|         conn.connect( | ||||
|             bind_dn='cn=directory manager', bind_pw=config.dirman_password | ||||
|         ) | ||||
|         conn.disconnect() | ||||
|     except errors.ACIError: | ||||
|         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name) | ||||
|     except errors.LDAPError: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name) | ||||
|  | ||||
|     # Create the management framework config file | ||||
|     # Note: We must do this before bootstraping and finalizing ipalib.api | ||||
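Review bot: The password check binds `cn=directory manager` to the remote master over plain `ldap://`, so the Directory Manager password crosses the network in cleartext during replica installation; the old IPAdmin path had the same exposure, but now that the URI is spelled out explicitly this is the natural place to close it. With the master CA available to the replica (CACERT at `/usr/share/ipa/html/ca.crt` appears in this section) the check could use `ldapuri = 'ldaps://%s' % config.master_host_name` or STARTTLS, assuming ldap2 honours that trust store; I cannot confirm from this hunk whether the CA certificate is installed before this point. main() continues outside the hunk.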
|   | ||||
| @@ -24,10 +24,9 @@ import traceback, logging | ||||
|  | ||||
| from ipapython import ipautil | ||||
| from ipaserver.install import replication, dsinstance, installutils | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
| from ipapython import version | ||||
| from ipalib import util | ||||
| from ipalib import errors | ||||
| from ipalib import errors, util | ||||
|  | ||||
| def parse_options(): | ||||
|     from optparse import OptionParser | ||||
| @@ -73,7 +72,8 @@ def get_realm_name(): | ||||
|     return c.default_realm | ||||
|  | ||||
| def get_suffix(): | ||||
|     suffix = ipaldap.IPAdmin.normalizeDN(util.realm_to_suffix(get_realm_name())) | ||||
|     l = ldap2(shared_instance=False, base_dn='') | ||||
|     suffix = l.normalize_dn(util.realm_to_suffix(get_realm_name())) | ||||
|     return suffix | ||||
|  | ||||
| def get_host_name(): | ||||
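Review bot: get_suffix now constructs a full ldap2 backend, with `ldap_uri` left to the constructor's fallback, just to normalize a string; if normalize_dn does not depend on connection state, exposing it as a static or class method (or a module-level helper) avoids building a backend whose uri/basedn defaults and `__del__` run for no reason, and keeps the call as cheap as the old `ipaldap.IPAdmin.normalizeDN`. Note also that `base_dn=''` is passed here while the rewritten constructor tests `base_dn or api.env.basedn`, so the instance may silently pick up the api suffix rather than the empty base requested, which changes the result if normalize_dn appends base_dn to DNs that do not already end with it. The function is fully visible in the hunk.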
|   | ||||
| @@ -29,11 +29,9 @@ from optparse import OptionParser | ||||
| from ipapython import ipautil | ||||
| from ipaserver.install import bindinstance, dsinstance, installutils, certs, httpinstance | ||||
| from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
| from ipapython import version | ||||
| from ipalib import api | ||||
| from ipalib import util | ||||
| import ldap | ||||
| from ipalib import api, errors, util | ||||
|  | ||||
| def parse_options(): | ||||
|     usage = "%prog [options] FQDN (e.g. replica.example.com)" | ||||
| @@ -75,14 +73,16 @@ def parse_options(): | ||||
|     return options, args | ||||
|  | ||||
| def get_subject_base(host_name, dm_password, suffix): | ||||
|     ldapuri = 'ldap://%s:389' % host_name | ||||
|     try: | ||||
|         conn = ipaldap.IPAdmin(host_name) | ||||
|         conn.do_simple_bind(bindpw=dm_password) | ||||
|     except Exception, e: | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) | ||||
|         conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) | ||||
|     except errors.ExecutionError, e: | ||||
|         logging.critical("Could not connect to the Directory Server on %s" % host_name) | ||||
|         raise e | ||||
|     entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, ldap.SCOPE_SUBTREE) | ||||
|     return entry.getValue('ipacertificatesubjectbase') | ||||
|     (dn, entry_attrs) = conn.get_ipa_config() | ||||
|     conn.disconnect() | ||||
|     return entry_attrs.get('ipacertificatesubjectbase', [None])[0] | ||||
|  | ||||
| def check_ipa_configuration(realm_name): | ||||
|     config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) | ||||
| @@ -236,16 +236,15 @@ def main(): | ||||
|             sys.exit(0) | ||||
|  | ||||
|     # Try out the password | ||||
|     ldapuri = 'ldap://%s:389' % api.env.host | ||||
|     try: | ||||
|         conn = ipaldap.IPAdmin(api.env.host) | ||||
|         conn.do_simple_bind(bindpw=dirman_password) | ||||
|         conn.unbind() | ||||
|     except ldap.CONNECT_ERROR, e: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) | ||||
|     except ldap.SERVER_DOWN, e: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) | ||||
|     except ldap.INVALID_CREDENTIALS, e : | ||||
|         conn = ldap2(shared_instance=False, ldap_uri=ldapuri) | ||||
|         conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password) | ||||
|         conn.disconnect() | ||||
|     except errors.ACIError: | ||||
|         sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host) | ||||
|     except errors.LDAPError: | ||||
|         sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) | ||||
|  | ||||
|     print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host) | ||||
|  | ||||
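Review bot: In get_subject_base the `conn.disconnect()` after `get_ipa_config()` is skipped when that call raises, and the `except errors.ExecutionError, e: ... raise e` form re-raises with a fresh traceback in Python 2, hiding where the connect actually failed; use a bare `raise` and move the config read under `try: ... finally: conn.disconnect()`. The hard-coded `:389` in both URIs also differs from the other scripts in this commit, which let ldap2 default the port, so a non-default port configured on one side would go unnoticed. Both hunks cut through the middle of their functions.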
|   | ||||
| @@ -25,13 +25,13 @@ import tempfile | ||||
|  | ||||
| import traceback | ||||
|  | ||||
| import krbV, ldap, getpass | ||||
| import krbV, getpass | ||||
|  | ||||
| from ipapython.ipautil import user_input | ||||
|  | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.install import certs, dsinstance, httpinstance, installutils | ||||
| from ipalib import api | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
|  | ||||
| def get_realm_name(): | ||||
|     c = krbV.default_context() | ||||
| @@ -64,14 +64,12 @@ def parse_options(): | ||||
|     return options, args[0] | ||||
|  | ||||
| def set_ds_cert_name(cert_name, dm_password): | ||||
|     conn = ipaldap.IPAdmin("127.0.0.1") | ||||
|     conn.simple_bind_s("cn=directory manager", dm_password) | ||||
|  | ||||
|     mod = [(ldap.MOD_REPLACE, "nsSSLPersonalitySSL", cert_name)] | ||||
|  | ||||
|     conn.modify_s("cn=RSA,cn=encryption,cn=config", mod) | ||||
|  | ||||
|     conn.unbind() | ||||
|     ldapuri = 'ldap://127.0.0.1' | ||||
|     conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') | ||||
|     conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) | ||||
|     mod = {'nssslpersonalityssl': cert_name} | ||||
|     conn.update_entry('cn=RSA,cn=encryption,cn=config', mod) | ||||
|     conn.disconnect() | ||||
|  | ||||
| def choose_server_cert(server_certs): | ||||
|     print "Please select the certificate to use:" | ||||
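Review bot: set_ds_cert_name has no error path: if update_entry fails (for example a refused modify on `cn=RSA,cn=encryption,cn=config`), `conn.disconnect()` is never reached and the bound Directory Manager connection lingers until the object is destroyed, while the caller gets an ldap2 exception with no indication of which step failed. A `try: ... finally: conn.disconnect()` around the update, as check_vuln does elsewhere in this commit, keeps the connection lifetime explicit. The function is fully visible in the hunk.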
|   | ||||
| @@ -35,7 +35,6 @@ import signal | ||||
| import shutil | ||||
| import glob | ||||
| import traceback | ||||
| import ldap | ||||
| from optparse import OptionParser | ||||
| from ConfigParser import RawConfigParser | ||||
| import random | ||||
| @@ -51,11 +50,11 @@ from ipaserver.install import cainstance | ||||
| from ipaserver.install import service | ||||
| from ipapython import version | ||||
| from ipaserver.install.installutils import * | ||||
| from ipaserver import ipaldap | ||||
| from ipaserver.plugins.ldap2 import ldap2 | ||||
|  | ||||
| from ipapython import sysrestore | ||||
| from ipapython.ipautil import * | ||||
| from ipalib import api, util | ||||
| from ipalib import api, errors, util | ||||
|  | ||||
| import ipawebui | ||||
|  | ||||
| @@ -411,19 +410,18 @@ def render_assets(): | ||||
|     ui.render_assets() | ||||
|  | ||||
| def set_subject_in_config(host_name, dm_password, suffix, subject_base): | ||||
|         ldapuri = 'ldap://%s' % host_name | ||||
|         try: | ||||
|             conn = ipaldap.IPAdmin(host_name) | ||||
|             conn.do_simple_bind(bindpw=dm_password) | ||||
|         except Exception, e: | ||||
|             conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) | ||||
|             conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) | ||||
|         except errors.ExecutionError, e: | ||||
|             logging.critical("Could not connect to the Directory Server on %s" % host_name) | ||||
|             raise e | ||||
|         entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, ldap.SCOPE_SUBTREE) | ||||
|         if entry.getValue('ipaCertificateSubjectBase') is None: | ||||
|             newentry = entry.toDict() | ||||
|             newentry['ipaCertificateSubjectBase'] = subject_base | ||||
|             conn.updateEntry(entry.dn, entry.toDict(), newentry) | ||||
|  | ||||
|         conn.unbind() | ||||
|         (dn, entry_attrs) = conn.get_ipa_config() | ||||
|         if 'ipacertificatesubjectbase' not in entry_attrs: | ||||
|             mod = {'ipacertificatesubjectbase': subject_base} | ||||
|             conn.update_entry(dn, mod) | ||||
|         conn.disconnect() | ||||
|  | ||||
| def main(): | ||||
|     global ds | ||||
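Review bot: set_subject_in_config releases the connection only on the success path; a failure in get_ipa_config or update_entry skips `conn.disconnect()`, and the `raise e` in the ExecutionError handler re-raises with a new traceback in Python 2 rather than preserving the original. Suggest a bare `raise` and `try: ... finally: conn.disconnect()` around the config read and update. Also, `'ipacertificatesubjectbase' not in entry_attrs` keeps any pre-existing value even when it differs from subject_base; that matches the previous `is None` test but deserves a comment such as `# keep an existing subject base; a mismatch with subject_base is not reported`. The function is fully visible in the hunk.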
|   | ||||
| @@ -219,19 +219,15 @@ class ldap2(CrudBackend, Encoder): | ||||
|         self.encoder_settings.decode_dict_vals_table = self._SYNTAX_MAPPING | ||||
|         self.encoder_settings.decode_dict_vals_table_keygen = get_syntax | ||||
|         self.encoder_settings.decode_postprocessor = lambda x: string.lower(x) | ||||
|         if ldap_uri is None: | ||||
|             self.ldap_uri = api.env.ldap_uri | ||||
|         else: | ||||
|             self.ldap_uri = ldap_uri | ||||
|         if base_dn is None: | ||||
|             self.base_dn = api.env.basedn | ||||
|         else: | ||||
|             self.base_dn = base_dn | ||||
|         if schema is None: | ||||
|             self.schema = _schema | ||||
|         else: | ||||
|             self.schema = schema | ||||
|  | ||||
|         try: | ||||
|             self.ldap_uri = ldap_uri or api.env.ldap_uri | ||||
|         except AttributeError: | ||||
|             self.ldap_uri = 'ldap://example.com' | ||||
|         try: | ||||
|             self.base_dn = base_dn or api.env.basedn | ||||
|         except AttributeError: | ||||
|             self.base_dn = '' | ||||
|         self.schema = schema or _schema | ||||
|  | ||||
|     def __del__(self): | ||||
|         if self.isconnected(): | ||||
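Review bot: The rewritten defaults change semantics for callers added by this very commit: `base_dn or api.env.basedn` treats the empty string that ipa-compat-manage, ipa-nis-manage, ipa-replica-install and ipa-server-certinstall pass as `base_dn=''` the same as None, so whenever api.env.basedn is set those scripts, which address entries under `cn=config`, get the IPA suffix as their base; if normalize_dn appends base_dn to DNs that do not end with it, their cn=config DNs become wrong, and the previous `if base_dn is None:` test did not have this problem. The AttributeError fallback to `'ldap://example.com'` is also a silent wrong target: a script that instantiates ldap2 before api.env is initialised, with no explicit ldap_uri, would attempt a Directory Manager bind against an external placeholder host instead of failing at once, so raising is the safer default. Restore the None test and keep only the base_dn fallback; `__init__` starts outside the hunk.
```python
        if ldap_uri is None:
            # no placeholder: an uninitialised api.env must fail loudly here
            ldap_uri = api.env.ldap_uri
        self.ldap_uri = ldap_uri
        if base_dn is None:
            # '' is a legitimate base for cn=config work; only None means "use the api default"
            base_dn = getattr(api.env, 'basedn', '')
        self.base_dn = base_dn
        self.schema = schema or _schema
```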
|   | ||||