IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add SIDs for existing users and groups at the end of ipa-adtrust-install

Browse Source 
Fixes https://fedorahosted.org/freeipa/ticket/3104
This commit is contained in:
Sumit Bose
2012-10-02 22:11:17 +02:00
committed by Rob Crittenden
parent f5e839ef21
commit 58a99dd5ac
6 changed files with 43 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
daemons/ipa-slapi-plugins/ipa-sidgen/Makefile.am
View File

@@ -49,6 +49,7 @@ appdir = $(IPA_DATA_DIR)
app_DATA = \ app_DATA = \
ipa-sidgen-conf.ldif \ ipa-sidgen-conf.ldif \
ipa-sidgen-task-conf.ldif \ ipa-sidgen-task-conf.ldif \
ipa-sidgen-task-run.ldif \
$(NULL) $(NULL)
EXTRA_DIST = \ EXTRA_DIST = \

10
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-example.ldif
View File

@@ -1,10 +0,0 @@
dn: cn=sidgen,cn=ipa-sidgen-task,cn=plugins,cn=config
changetype: add
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: ipa-sidgen-task
nsslapd-pluginPath: libipa_sidgen_task
nsslapd-pluginInitfunc: sidgen_task_init
nsslapd-basedn: $SUFFIX
delay: 0

10
daemons/ipa-slapi-plugins/ipa-sidgen/ipa-sidgen-task-run.ldif Normal file
View File

@@ -0,0 +1,10 @@
dn: cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: sidgen
# $SUFFIX must be replaced with the base DN of the IPA directory tree
nsslapd-basedn: $SUFFIX
# delay specifies the time the task should sleep between the generation of SIDs
# in nanoseconds
delay: 0

5
install/tools/ipa-adtrust-install
View File

@@ -61,6 +61,9 @@ def parse_options():
parser.add_option("-A", "--admin-name", parser.add_option("-A", "--admin-name",
sensitive=True, dest="admin_name", default='admin', sensitive=True, dest="admin_name", default='admin',
help="admin user principal") help="admin user principal")
parser.add_option("--add-sids", dest="add_sids", action="store_true",
default=False, help="Add SIDs for existing users and" \
"groups as the final step")
options, args = parser.parse_args() options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options) safe_options = parser.get_safe_opts(options)
@@ -250,7 +253,7 @@ def main():
smb.autobind = service.ENABLED smb.autobind = service.ENABLED
smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain, smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
netbios_name, options.rid_base, options.secondary_rid_base, netbios_name, options.rid_base, options.secondary_rid_base,
options.no_msdcs) options.no_msdcs, options.add_sids)
smb.find_local_id_range() smb.find_local_id_range()
smb.create_instance() smb.create_instance()

10
install/tools/man/ipa-adtrust-install.1
View File

@@ -71,6 +71,16 @@ are needed for the IPA domain which should point to all IPA servers:
.IP .IP
\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs \(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
.TP .TP
\fB\-\-add\-sids\fR
Add SIDs to existing users and groups as a final step of the
ipa\-adtrust\-install run. If there a many existing users and groups and a
couple of replicas in the environment this operation might lead to a high
replication traffic and a performance degradation of all IPA servers in the
environment. To avoid this the SID generation can be run after
ipa\-adtrust\-install is run and scheduled independently. To start this task
you have to load an edited version of ipa-sidgen-task-run.ldif with the
ldapmodify command info the directory server.
.TP
\fB\-U\fR, \fB\-\-unattended\fR \fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input An unattended installation that will never prompt for user input
.TP .TP

19
ipaserver/install/adtrustinstance.py
View File

@@ -110,6 +110,7 @@ class ADTRUSTInstance(service.Service):
self.domain_name = None self.domain_name = None
self.netbios_name = None self.netbios_name = None
self.no_msdcs = None self.no_msdcs = None
self.add_sids = None
self.smbd_user = None self.smbd_user = None
self.suffix = DN() self.suffix = DN()
self.ldapi_socket = None self.ldapi_socket = None
@@ -360,6 +361,16 @@ class ADTRUSTInstance(service.Service):
try: try:
self._ldap_mod("ipa-sidgen-conf.ldif", self.sub_dict) self._ldap_mod("ipa-sidgen-conf.ldif", self.sub_dict)
self._ldap_mod("ipa-sidgen-task-conf.ldif", self.sub_dict) self._ldap_mod("ipa-sidgen-task-conf.ldif", self.sub_dict)
except Exception:
pass
def __add_sids(self):
"""
Add SIDs for existing users and groups
"""
try:
self._ldap_mod("ipa-sidgen-task-run.ldif", self.sub_dict)
except: except:
pass pass
@@ -602,7 +613,8 @@ class ADTRUSTInstance(service.Service):
FQDN = self.fqdn) FQDN = self.fqdn)
def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name, def setup(self, fqdn, ip_address, realm_name, domain_name, netbios_name,
rid_base, secondary_rid_base, no_msdcs=False, smbd_user="samba"): rid_base, secondary_rid_base, no_msdcs=False, add_sids=False,
smbd_user="samba"):
self.fqdn = fqdn self.fqdn = fqdn
self.ip_address = ip_address self.ip_address = ip_address
self.realm = realm_name self.realm = realm_name
@@ -611,6 +623,7 @@ class ADTRUSTInstance(service.Service):
self.rid_base = rid_base self.rid_base = rid_base
self.secondary_rid_base = secondary_rid_base self.secondary_rid_base = secondary_rid_base
self.no_msdcs = no_msdcs self.no_msdcs = no_msdcs
self.add_sids = add_sids
self.smbd_user = smbd_user self.smbd_user = smbd_user
self.suffix = ipautil.realm_to_suffix(self.realm) self.suffix = ipautil.realm_to_suffix(self.realm)
self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % \ self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % \
@@ -700,6 +713,10 @@ class ADTRUSTInstance(service.Service):
self.__configure_selinux_for_smbd) self.__configure_selinux_for_smbd)
self.step("starting CIFS services", self.__start) self.step("starting CIFS services", self.__start)
if self.add_sids:
self.step("adding SIDs to existing users and groups",
self.__add_sids)
self.start_creation("Configuring CIFS:") self.start_creation("Configuring CIFS:")
def uninstall(self): def uninstall(self):