Fix winsync agreements creation

Due to recent addition of ID range support to DsInstance, the class
could no longer be instantiated when realm_name was passed but
ID range parameters were not. This condition broke winsync agreements
creation in ipa-replica-manage.

Make sure that ID range computation in DsInstance does not crash in
this case so that winsync replica can be created. Also convert --binddn
option of ipa-replica-manage script to IPA native DN type so that
setup_agreement does not crash.

https://fedorahosted.org/freeipa/ticket/2987
Martin Kosek 2012-08-13 09:38:24 +02:00 committed by Rob Crittenden
parent 94d457e83c
commit 6341eff078
4 changed files with 18 additions and 7 deletions


@ -31,6 +31,7 @@ from ipapython import version
from ipalib import api, errors, util from ipalib import api, errors, util
from ipapython.ipa_log_manager import * from ipapython.ipa_log_manager import *
from ipapython.dn import DN from ipapython.dn import DN
from ipapython.config import IPAOptionParser
CACERT = "/etc/ipa/ca.crt" CACERT = "/etc/ipa/ca.crt"
@ -48,16 +49,14 @@ commands = {
} }
def parse_options(): def parse_options():
from optparse import OptionParser parser = IPAOptionParser(version=version.VERSION)
parser = OptionParser(version=version.VERSION)
parser.add_option("-H", "--host", dest="host", help="starting host") parser.add_option("-H", "--host", dest="host", help="starting host")
parser.add_option("-p", "--password", dest="dirman_passwd", help="Directory Manager password") parser.add_option("-p", "--password", dest="dirman_passwd", help="Directory Manager password")
parser.add_option("-v", "--verbose", dest="verbose", action="store_true", default=False, parser.add_option("-v", "--verbose", dest="verbose", action="store_true", default=False,
help="provide additional information") help="provide additional information")
parser.add_option("-f", "--force", dest="force", action="store_true", default=False, parser.add_option("-f", "--force", dest="force", action="store_true", default=False,
help="ignore some types of errors") help="ignore some types of errors")
parser.add_option("--binddn", dest="binddn", default=None, parser.add_option("--binddn", dest="binddn", default=None, type="dn",
help="Bind DN to use with remote server") help="Bind DN to use with remote server")
parser.add_option("--bindpw", dest="bindpw", default=None, parser.add_option("--bindpw", dest="bindpw", default=None,
help="Password for Bind DN to use with remote server") help="Password for Bind DN to use with remote server")
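Review bot: The two password options in parse_options, `-p/--password` and `--bindpw`, are still declared as plain options although the parser is now IPAOptionParser, whose option class lists a `sensitive` attribute for options such as passwords. Declaring them with it, e.g. `parser.add_option("--bindpw", dest="bindpw", default=None, sensitive=True,`, would let any code that reports the parsed options leave the secrets out; whether this script logs its options is not visible in the hunk, so treat this as hardening. A password passed on the command line can also be read from the process list, and the help text could say so. parse_options continues past the end of this hunk.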


@ -22,6 +22,7 @@ from optparse import Option, Values, OptionParser, IndentedHelpFormatter, Option
from copy import copy from copy import copy
from dns import resolver, rdatatype from dns import resolver, rdatatype
from dns.exception import DNSException from dns.exception import DNSException
from ipapython.dn import DN
import dns.name import dns.name
import socket import socket
@ -59,15 +60,22 @@ def check_ip_option(option, opt, value):
except Exception as e: except Exception as e:
raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e)) raise OptionValueError("option %s: invalid IP address %s: %s" % (opt, value, e))
def check_dn_option(option, opt, value):
try:
return DN(value)
except Exception, e:
raise OptionValueError("option %s: invalid DN: %s" % (opt, e))
class IPAOption(Option): class IPAOption(Option):
""" """
optparse.Option subclass with support of options labeled as optparse.Option subclass with support of options labeled as
security-sensitive such as passwords. security-sensitive such as passwords.
""" """
ATTRS = Option.ATTRS + ["sensitive", "ip_local", "ip_netmask"] ATTRS = Option.ATTRS + ["sensitive", "ip_local", "ip_netmask"]
TYPES = Option.TYPES + ("ip",) TYPES = Option.TYPES + ("ip", "dn")
TYPE_CHECKER = copy(Option.TYPE_CHECKER) TYPE_CHECKER = copy(Option.TYPE_CHECKER)
TYPE_CHECKER["ip"] = check_ip_option TYPE_CHECKER["ip"] = check_ip_option
TYPE_CHECKER["dn"] = check_dn_option
class IPAOptionParser(OptionParser): class IPAOptionParser(OptionParser):
""" """

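Review bot: The new check_dn_option uses the comma form `except Exception, e:`, while check_ip_option directly above it uses `except Exception as e:`; the new function should use the same form. Its message also drops the rejected value that the IP checker reports, so `raise OptionValueError("option %s: invalid DN %s: %s" % (opt, value, e))` would make a mistyped --binddn easier to spot. Catching the specific exceptions that the DN constructor raises for malformed input, rather than every Exception, would keep unrelated failures from being reported as an invalid DN. A one-line docstring such as `"""optparse type checker: return the value as a DN or raise OptionValueError."""` would document the contract.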

@ -313,6 +313,10 @@ class DsInstance(service.Service):
def __setup_sub_dict(self): def __setup_sub_dict(self):
server_root = find_server_root() server_root = find_server_root()
try:
idrange_size = self.idmax - self.idstart + 1
except TypeError:
idrange_size = None
self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid, self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
PASSWORD=self.dm_password, PASSWORD=self.dm_password,
RANDOM_PASSWORD=self.generate_random(), RANDOM_PASSWORD=self.generate_random(),
@ -323,7 +327,7 @@ class DsInstance(service.Service):
IDMAX=self.idmax, HOST=self.fqdn, IDMAX=self.idmax, HOST=self.fqdn,
ESCAPED_SUFFIX=str(self.suffix), ESCAPED_SUFFIX=str(self.suffix),
GROUP=DS_GROUP, GROUP=DS_GROUP,
IDRANGE_SIZE=self.idmax-self.idstart+1 IDRANGE_SIZE=idrange_size
) )
def __create_ds_user(self): def __create_ds_user(self):
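Review bot: Catching TypeError around `self.idmax - self.idstart + 1` in __setup_sub_dict hides more than the missing-parameters case, because any other type mistake (for example a range bound passed as a string) is also turned silently into `IDRANGE_SIZE=None`. An explicit test states the intent: `idrange_size = None if None in (self.idstart, self.idmax) else self.idmax - self.idstart + 1`. IDSTART, IDMAX and IDRANGE_SIZE then all reach sub_dict as None, so it is worth confirming that no template is rendered from them on the winsync path; that code is outside these hunks. A short comment above the computation, such as `# ID range is unset when the instance is only created for winsync agreement setup`, would explain why None is accepted.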


@ -818,7 +818,7 @@ class ReplicationManager(object):
ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert) ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0) ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
ad_conn.start_tls_s() ad_conn.start_tls_s()
ad_conn.simple_bind_s(ad_binddn, ad_pwd) ad_conn.simple_bind_s(str(ad_binddn), ad_pwd)
res = ad_conn.search_s("", ldap.SCOPE_BASE, '(objectClass=*)', res = ad_conn.search_s("", ldap.SCOPE_BASE, '(objectClass=*)',
['defaultNamingContext']) ['defaultNamingContext'])
for dn,entry in res: for dn,entry in res:
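Review bot: `str(ad_binddn)` in the simple_bind_s call turns a missing bind DN into the literal string "None", since --binddn defaults to None, so the bind would be attempted with a bogus DN instead of stopping with a clear error. If the caller does not already guarantee both values (not visible in this hunk), check them before the bind, e.g. `if not ad_binddn or not ad_pwd:` followed by an explicit error. The password check matters because a simple bind with a DN and an empty password is an unauthenticated bind that some directory servers accept, and the agreement setup would then continue without real credentials. The enclosing method starts and ends outside the hunk.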