activate CLDAP

install/tools/ipa-adtrust-install

@@ -214,6 +214,7 @@ def main():
     print "\t\tUDP Ports:"
     print "\t\t  * 138: netbios-dgm"
     print "\t\t  * 139: netbios-ssn"
+    print "\t\t  * 389: (C)LDAP"
     print "\t\t  * 445: microsoft-ds"
     print ""
     print "\tAdditionally you have to make sure the FreeIPA LDAP server cannot reached"
@@ -221,8 +222,6 @@ def main():
     print "\tfollowing ports for these servers:"
     print "\t\tTCP Ports:"
     print "\t\t  * 389, 636: LDAP/LDAPS"
-    print "\t\tUDP Ports:"
-    print "\t\t  * 389: (C)LDAP"
     print "\tYou may want to choose to REJECT the network packets instead of DROPing them"
     print "\tto avoid timeouts on the AD domain controllers."
 

ipaserver/install/adtrustinstance.py

@@ -254,6 +254,9 @@ class ADTRUSTInstance(service.Service):
         conf_fd.write('config backend = registry\n')
         conf_fd.close()
 
+    def __add_cldap_module(self):
+        self._ldap_mod("ipa-cldap-conf.ldif", self.sub_dict)
+
     def __write_smb_registry(self):
         template = os.path.join(ipautil.SHARE_DIR, "smb.conf.template")
         conf = ipautil.template_file(template, self.sub_dict)
@@ -415,6 +418,7 @@ class ADTRUSTInstance(service.Service):
                   self.__set_smb_ldap_password)
         self.step("Adding cifs Kerberos principal", self.__setup_principal)
         self.step("Adding admin(group) SIDs", self.__add_admin_sids)
+        self.step("Activation CLDAP plugin", self.__add_cldap_module)
         self.step("configuring smbd to start on boot", self.__enable)
         if not self.no_msdcs:
             self.step("adding special DNS service records", \