mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Upgrade: add gidnumber to trusted domain entry
The trusted domain entries created in earlier versions are missing gidnumber. During upgrade, a new plugin will read the gidnumber of the fallback group cn=Default SMB Group and add this value to trusted domain entries which do not have a gidNumber. https://pagure.io/freeipa/issue/6827 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
parent
e052c2dce0
commit
5405de5bc1
@ -10,6 +10,7 @@ plugin: update_sigden_extdom_broken_config
|
||||
plugin: update_sids
|
||||
plugin: update_default_range
|
||||
plugin: update_default_trust_view
|
||||
plugin: update_tdo_gidnumber
|
||||
plugin: update_ca_renewal_master
|
||||
plugin: update_idrange_type
|
||||
plugin: update_pacs
|
||||
|
@ -22,6 +22,7 @@ from ipalib import Updater
|
||||
from ipapython.dn import DN
|
||||
from ipapython.ipa_log_manager import root_logger
|
||||
from ipaserver.install import sysupgrade
|
||||
from ipaserver.install.adtrustinstance import ADTRUSTInstance
|
||||
|
||||
register = Registry()
|
||||
|
||||
@ -316,3 +317,58 @@ class update_sids(Updater):
|
||||
|
||||
sysupgrade.set_upgrade_state('sidgen', 'update_sids', False)
|
||||
return False, ()
|
||||
|
||||
|
||||
@register()
|
||||
class update_tdo_gidnumber(Updater):
|
||||
"""
|
||||
Create a gidNumber attribute for Trusted Domain Objects.
|
||||
|
||||
The value is taken from the fallback group defined in cn=Default SMB Group.
|
||||
"""
|
||||
def execute(self, **options):
|
||||
ldap = self.api.Backend.ldap2
|
||||
|
||||
# Read the gidnumber of the fallback group
|
||||
dn = DN(('cn', ADTRUSTInstance.FALLBACK_GROUP_NAME),
|
||||
self.api.env.container_group,
|
||||
self.api.env.basedn)
|
||||
|
||||
try:
|
||||
entry = ldap.get_entry(dn, ['gidnumber'])
|
||||
gidNumber = entry.get('gidnumber')
|
||||
except errors.NotFound:
|
||||
self.log.error("{0} not found".format(
|
||||
ADTRUSTInstance.FALLBACK_GROUP_NAME))
|
||||
return False, ()
|
||||
|
||||
if not gidNumber:
|
||||
self.log.error("{0} does not have a gidnumber".format(
|
||||
ADTRUSTInstance.FALLBACK_GROUP_NAME))
|
||||
return False, ()
|
||||
|
||||
# For each trusted domain object, add gidNumber
|
||||
try:
|
||||
tdos = ldap.get_entries(
|
||||
DN(self.api.env.container_adtrusts, self.api.env.basedn),
|
||||
scope=ldap.SCOPE_ONELEVEL,
|
||||
filter="(objectclass=ipaNTTrustedDomain)",
|
||||
attrs_list=['gidnumber'])
|
||||
for tdo in tdos:
|
||||
# if the trusted domain object does not contain gidnumber,
|
||||
# add the default fallback group gidnumber
|
||||
if not tdo.get('gidnumber'):
|
||||
try:
|
||||
tdo['gidnumber'] = gidNumber
|
||||
ldap.update_entry(tdo)
|
||||
self.log.debug("Added gidnumber {0} to {1}".format(
|
||||
gidNumber, tdo.dn))
|
||||
except Exception:
|
||||
self.log.warning(
|
||||
"Failed to add gidnumber to {0}".format(tdo.dn))
|
||||
|
||||
except errors.NotFound:
|
||||
self.log.debug("No trusted domain object to update")
|
||||
return False, ()
|
||||
|
||||
return False, ()
|
||||
|
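Review bot: The inner `except Exception:` around `ldap.update_entry(tdo)` discards the reason for the failure, and because `execute` returns `False, ()` on every path, the warning line is the only trace that a trusted domain object was left without a gidNumber. Bind the exception and log it, e.g. `except Exception as e:` with `"Failed to add gidnumber to {0}: {1}".format(tdo.dn, e)`, so an administrator can tell a permission or schema rejection from a transient LDAP error. Separately, the two `self.log.error` branches for the fallback group will presumably fire on every upgrade of a server where AD trust was never configured; if so, a debug-level message or an early check that trust is enabled would keep the upgrade log free of false errors.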