Fall back to DM password if GSSAPI fails and make deleting more user-friendly

Try to be a bit more descriptive about why a deletion fails and generate a prettier error message.
2025-01-11 00:31:56 -06:00 · 2010-05-27 17:43:08 -04:00 · 2010-05-27 17:43:08 -04:00 · af49945ae4
commit af49945ae4
parent 8911c92c8d
1 changed files with 40 additions and 10 deletions
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@ -86,6 +86,22 @@ def get_host_name():

    return hostname

+def test_connection(host):
+    """
+    Make a GSSAPI connection to the remote LDAP server to test out credentials.
+
+    This is used so we can fall back to promping for the DM password.
+
+    returns True if connection successful, False otherwise
+    """
+    try:
+        replman = replication.ReplicationManager(host, None)
+        dns = replman.find_replication_dns(replman.conn)
+        del replman
+        return True
+    except ldap.LOCAL_ERROR:
+        return False
+
 def list_masters(replman, verbose):
    dns = replman.find_replication_dns(replman.conn)

@ -109,17 +125,29 @@ def del_master(replman, hostname, force=False):
        print "No replication agreement found for '%s'" % hostname
        return

+    # Delete the remote agreement first
    if t == replication.IPA_REPLICA:
+        failed = False
        try:
            other_replman = replication.ReplicationManager(hostname, dirman_passwd=None)
            other_replman.suffix = get_suffix()
            other_replman.delete_agreement(replman.conn.host)
+        except ldap.LDAPError, e:
+            desc = e.args[0]['desc'].strip()
+            info = e.args[0].get('info', '').strip()
+            print "Unable to remove agreement on %s: %s: %s" % (hostname, desc, info)
+            failed = True
        except Exception, e:
-            if force:
-                print "Unable to remove agreement on %s: %s" % (hostname, str(e))
-            else:
-                raise e
+            print "Unable to remove agreement on %s: %s" % (hostname, str(e))
+            failed = True

+        if failed:
+            if force:
+                print "Forcing removal on local server"
+            else:
+                return
+
+    # Delete the local agreement
    replman.delete_agreement(hostname)

 def add_master(replman, hostname, options):
@ -185,17 +213,17 @@ def main():
    
    dirman_passwd = None

-    if options.dirman_passwd:
-        dirman_passwd = options.dirman_passwd
-    else:
-        if args[0] in ["add", "init"]:
-            dirman_passwd = getpass.getpass("Directory Manager password: ")
-
    if options.host:
        host = options.host
    else:
        host = get_host_name()

+    if options.dirman_passwd:
+        dirman_passwd = options.dirman_passwd
+    else:
+        if (not test_connection(host)) or args[0] in ["add", "init"]:
+            dirman_passwd = getpass.getpass("Directory Manager password: ")
+
    r = replication.ReplicationManager(host, dirman_passwd)
    r.suffix = get_suffix()

@ -240,6 +268,8 @@ except ldap.INSUFFICIENT_ACCESS:
 except ldap.LOCAL_ERROR, e:
    print e.args[0]['info']
    sys.exit(1)
+except ldap.SERVER_DOWN, e:
+    print e.args[0]['desc']
 except Exception, e:
    print "unexpected error: %s" % str(e)
    sys.exit(1)