Verify current domain with user during installation

Use that domain when creating replicas

Resolves 432066

ipa-server/ipa-install/ipa-replica-install

@@ -70,6 +70,7 @@ def read_info(dir, rconfig):
     rconfig.realm_name = config.get("realm", "realm_name")
     rconfig.master_host_name = config.get("realm", "master_host_name")
     rconfig.ds_user = config.get("realm", "ds_user")
+    rconfig.domain_name = config.get("realm", "domain_name")
 
 def get_host_name():
     hostname = installutils.get_fqdn()
@@ -98,13 +99,13 @@ def install_ds(config):
                        config.dir + "/pwdfile.txt")
 
     ds = dsinstance.DsInstance()
-    ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.dirman_password, pkcs12_info)
+    ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
 
 def install_krb(config):
     krb = krbinstance.KrbInstance()
     ldappwd_filename = config.dir + "/ldappwd"
     krb.create_replica(config.ds_user, config.realm_name, config.host_name,
-                       config.dirman_password, ldappwd_filename)
+                       config.domain_name, config.dirman_password, ldappwd_filename)
 
 def install_http(config):
     # if we have a pkcs12 file, create the cert db from
@@ -116,7 +117,7 @@ def install_http(config):
                        config.dir + "/pwdfile.txt")
 
     http = httpinstance.HTTPInstance()
-    http.create_instance(config.realm_name, config.host_name, False, pkcs12_info)
+    http.create_instance(config.realm_name, config.host_name, config.domain_name, False, pkcs12_info)
 
     # Now copy the autoconfiguration files
     try:

ipa-server/ipa-install/ipa-replica-prepare

@@ -28,7 +28,8 @@ from optparse import OptionParser
 
 import ipa.config
 from ipa import ipautil
-from ipaserver import dsinstance, installutils, certs
+from ipaserver import dsinstance, installutils, certs, ipaldap
+import ldap
 
 def usage():
     print "ipa-replica-prepate FQDN (e.g. replica.example.com)"
@@ -56,8 +57,27 @@ def get_host_name():
     return hostname
 
 def get_realm_name():
-    c = krbV.default_context()
-    return c.default_realm
+    try:
+        c = krbV.default_context()
+        return c.default_realm
+    except Exception, e:
+        return None
+
+def get_domain_name():
+    try:
+        conn = ipaldap.IPAdmin("127.0.0.1")
+        conn.simple_bind_s("", "")
+
+        context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ])
+        conn.unbind()
+    except Exception, e:
+        return None
+
+    domain_name = context.getValue('namingContexts')
+    domain_name = domain_name.replace('dc=','')
+    domain_name = domain_name.replace(',','.')
+
+    return domain_name
 
 def check_ipa_configuration(realm_name):
     config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
@@ -96,6 +116,9 @@ def export_certdb(realm_name, ds_dir, dir, fname, subject):
     os.unlink(dir + "/cert8.db")
     os.unlink(dir + "/key3.db")
     os.unlink(dir + "/secmod.db")
+    os.unlink(dir + "/noise.txt")
+    if ipautil.file_exists(passwd_fname + ".orig"):
+        os.unlink(passwd_fname + ".orig")
 
 def get_ds_user(ds_dir):
     uid = os.stat(ds_dir).st_uid
@@ -103,12 +126,13 @@ def get_ds_user(ds_dir):
 
     return user
 
-def save_config(dir, realm_name, host_name, ds_user):
+def save_config(dir, realm_name, host_name, ds_user, domain_name):
     config = SafeConfigParser()
     config.add_section("realm")
     config.set("realm", "realm_name", realm_name)
     config.set("realm", "master_host_name", host_name)
     config.set("realm", "ds_user", ds_user)
+    config.set("realm", "domain_name", domain_name)
     fd = open(dir + "/realm_info", "w")
     config.write(fd)
 
@@ -128,9 +152,20 @@ def main():
 
     replica_fqdn = args[1]
 
+    print "Determining current realm name"
     realm_name = get_realm_name()
+    if realm_name is None:
+        print "Unable to determine default realm"
+        sys.exit(1)
+
     check_ipa_configuration(realm_name)
 
+    print "Getting domain name from LDAP"
+    domain_name = get_domain_name()
+    if domain_name is None:
+        print "Unable to determine LDAP default domain"
+        sys.exit(1)
+
     host_name = get_host_name()
     ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
     ds_user = get_ds_user(ds_dir)
@@ -148,7 +183,7 @@ def main():
     print "Copying additional files"
     copy_files(realm_name, dir)
     print "Finalizing configuration"
-    save_config(dir, realm_name, host_name, ds_user)
+    save_config(dir, realm_name, host_name, ds_user, domain_name)
 
     print "Packaging the replica into %s" % "replica-info-" + replica_fqdn
     ipautil.run(["/bin/tar", "cfz", "replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"])
@@ -159,7 +194,7 @@ try:
     if not os.geteuid()==0:
         sys.exit("\nYou must be root to run this script.\n")
     if not ipautil.file_exists("/usr/share/ipa/serial"):
-        sys.exist("The replica must be created on the primary IPA server.")
+        sys.exit("The replica must be created on the primary IPA server.")
 
     main()
 except SystemExit, e:

ipa-server/ipa-install/ipa-server-install

@@ -57,6 +57,8 @@ def parse_options():
                       help="ds user")
     parser.add_option("-r", "--realm", dest="realm_name",
                       help="realm name")
+    parser.add_option("-n", "--domain", dest="domain_name",
+                      help="domain name")
     parser.add_option("-p", "--ds-password", dest="dm_password",
                       help="admin password")
     parser.add_option("-P", "--master-password", dest="master_password",
@@ -206,6 +208,15 @@ def read_ds_user():
 
     return ds_user
 
+def read_domain_name(domain_name):
+    print "The domain name has been calculated based on the host name."
+    print ""
+    dn = raw_input("Please confirm the domain name ["+domain_name+"]: ")
+    print ""
+    if dn != "":
+        domain_name = dn
+    return domain_name
+
 def read_realm_name(domain_name):
     print "The kerberos protocol requires a Realm name to be defined."
     print "This is typically the domain name converted to uppercase."
@@ -357,8 +368,12 @@ def main():
         host_name = host_default
     else:
         host_name = read_host_name(host_default)
-    
-    domain_name = host_name[host_name.find(".")+1:]
+
+    if not options.domain_name:
+        domain_name = host_name[host_name.find(".")+1:]
+        domain_name = read_domain_name(domain_name)
+    else:
+        realm_name = options.realm_name
 
     # Check we have a public IP that is associated with the hostname
     ip = resolve_host(host_name)
@@ -432,21 +447,21 @@ def main():
 
     # Create a directory server instance
     ds = ipaserver.dsinstance.DsInstance()
-    ds.create_instance(ds_user, realm_name, host_name, dm_password)
+    ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
 
     # Create a kerberos instance
     krb = ipaserver.krbinstance.KrbInstance()
-    krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password)
+    krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
 
     # Create a HTTP instance
     http = ipaserver.httpinstance.HTTPInstance()
-    http.create_instance(realm_name, host_name)
+    http.create_instance(realm_name, host_name, domain_name)
 
     # Create a Web Gui instance
     webgui = ipaserver.httpinstance.WebGuiInstance()
     webgui.create_instance()
 
-    bind.setup(host_name, ip_address, realm_name)
+    bind.setup(host_name, ip_address, realm_name, domain_name)
     if options.setup_bind:
         skipbind = False
         if not options.unattended:

ipa-server/ipaserver/bindinstance.py

@@ -37,12 +37,12 @@ class BindInstance(service.Service):
         self.realm = None
         self.sub_dict = None
 
-    def setup(self, fqdn, ip_address, realm_name):
+    def setup(self, fqdn, ip_address, realm_name, domain_name):
         self.fqdn = fqdn
         self.ip_address = ip_address
         self.realm = realm_name
-        self.domain = fqdn[fqdn.find(".")+1:]
-        self.host = fqdn[:fqdn.find(".")]
+        self.domain = domain_name
+        self.host = domain_name[:domain_name.find(".")]
 
         self.__setup_sub_dict()
 

ipa-server/ipaserver/dsinstance.py

@@ -109,14 +109,14 @@ class DsInstance(service.Service):
         self.domain = None
         self.pkcs12_info = None
 
-    def create_instance(self, ds_user, realm_name, host_name, dm_password, pkcs12_info=None):
+    def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None):
         self.ds_user = ds_user
         self.realm_name = realm_name.upper()
         self.serverid = realm_to_serverid(self.realm_name)
         self.suffix = realm_to_suffix(self.realm_name)
         self.host_name = host_name
         self.dm_password = dm_password
-        self.domain = host_name[host_name.find(".")+1:]
+        self.domain = domain_name
         self.pkcs12_info = pkcs12_info
         self.__setup_sub_dict()
         

ipa-server/ipaserver/httpinstance.py

@@ -55,10 +55,10 @@ class HTTPInstance(service.Service):
     def __init__(self):
         service.Service.__init__(self, "httpd")
 
-    def create_instance(self, realm, fqdn, autoconfig=True, pkcs12_info=None):
+    def create_instance(self, realm, fqdn, domain_name, autoconfig=True, pkcs12_info=None):
         self.fqdn = fqdn
         self.realm = realm
-        self.domain = fqdn[fqdn.find(".")+1:]
+        self.domain = domain_name
         self.pkcs12_info = pkcs12_info
         self.sub_dict = { "REALM" : realm, "FQDN": fqdn, "DOMAIN" : self.domain }
         

ipa-server/ipaserver/krbinstance.py

@@ -48,10 +48,6 @@ import pyasn1.codec.ber.decoder
 import struct
 import base64
 
-def host_to_domain(fqdn):
-    s = fqdn.split(".")
-    return ".".join(s[1:])
-
 def update_key_val_in_file(filename, key, val):
     if os.path.exists(filename):
         pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val))
@@ -92,13 +88,13 @@ class KrbInstance(service.Service):
 
         self.kpasswd = KpasswdInstance()
 
-    def __common_setup(self, ds_user, realm_name, host_name, admin_password):
+    def __common_setup(self, ds_user, realm_name, host_name, domain_name, admin_password):
         self.ds_user = ds_user
         self.fqdn = host_name        
         self.realm = realm_name.upper()
         self.host = host_name.split(".")[0]
         self.ip = socket.gethostbyname(host_name)
-        self.domain = host_to_domain(host_name)        
+        self.domain = domain_name
         self.suffix = ipautil.realm_to_suffix(self.realm)
         self.kdc_password = ipautil.ipa_generate_password()
         self.admin_password = admin_password
@@ -124,10 +120,10 @@ class KrbInstance(service.Service):
         self.step("starting the KDC", self.__start_instance)
         self.step("configuring KDC to start on boot", self.__enable)
 
-    def create_instance(self, ds_user, realm_name, host_name, admin_password, master_password):
+    def create_instance(self, ds_user, realm_name, host_name, domain_name, admin_password, master_password):
         self.master_password = master_password
 
-        self.__common_setup(ds_user, realm_name, host_name, admin_password)
+        self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)
 
         self.step("setting KDC account password", self.__configure_kdc_account_password)
         self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
@@ -146,10 +142,10 @@ class KrbInstance(service.Service):
 
         self.kpasswd.create_instance()
 
-    def create_replica(self, ds_user, realm_name, host_name, admin_password, ldap_passwd_filename):
+    def create_replica(self, ds_user, realm_name, host_name, domain_name, admin_password, ldap_passwd_filename):
         self.__copy_ldap_passwd(ldap_passwd_filename)
 
-        self.__common_setup(ds_user, realm_name, host_name, admin_password)
+        self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password)
 
         self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
         self.step("writing stash file from DS", self.__write_stash_from_ds)