IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Let 389-ds start up even if Kerboros is not configured yet.

Browse Source 
The situation is if during installation /etc/krb5.conf either doesn't
exist or configures no realms then 389-ds won't start up at all, causing
the installation to fail. This will let the server start up in a degraded
mode.

Also need to make the sub_dict in ldapupdate.py handle no realm otherwise
the installation will abort enabling the compat plugin.

ticket 606
This commit is contained in:
Rob Crittenden 2011-02-10 22:26:46 -05:00
parent b46faf9dfc
commit c9431749a0
4 changed files with 38 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c
View File

@ -101,6 +101,13 @@ ipaenrollement_secure(Slapi_PBlock *pb, char **errMesg)
goto done; goto done;
} }
if (NULL == realm) {
*errMesg = "Kerberos realm is not set.\n";
LOG_FATAL("%s", errMesg);
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
if ((0 == is_ssl) && (sasl_ssf <= 1)) { if ((0 == is_ssl) && (sasl_ssf <= 1)) {
*errMesg = "Operation requires a secure connection.\n"; *errMesg = "Operation requires a secure connection.\n";
rc = LDAP_CONFIDENTIALITY_REQUIRED; rc = LDAP_CONFIDENTIALITY_REQUIRED;
@ -144,6 +151,13 @@ ipa_join(Slapi_PBlock *pb)
char *principal = NULL; char *principal = NULL;
struct berval retbval; struct berval retbval;
if (NULL == realm) {
errMesg = "Kerberos realm is not set.\n";
LOG_FATAL("%s", errMesg);
rc = LDAP_OPERATIONS_ERROR;
goto done;
}
/* Get Bind DN */ /* Get Bind DN */
slapi_pblock_get(pb, SLAPI_CONN_DN, &bindDN); slapi_pblock_get(pb, SLAPI_CONN_DN, &bindDN);
@ -363,18 +377,21 @@ ipaenrollment_start(Slapi_PBlock *pb)
krberr = krb5_init_context(&krbctx); krberr = krb5_init_context(&krbctx);
if (krberr) { if (krberr) {
LOG_FATAL("krb5_init_context failed\n"); LOG_FATAL("krb5_init_context failed\n");
return LDAP_OPERATIONS_ERROR; /* Yes, we failed, but it is because /etc/krb5.conf doesn't exist
* or is misconfigured. Start up in a degraded mode.
*/
goto done;
} }
ret = krb5_get_default_realm(krbctx, &realm); krberr = krb5_get_default_realm(krbctx, &realm);
if (ret) { if (krberr) {
realm = NULL;
LOG_FATAL("Failed to get default realm?!\n"); LOG_FATAL("Failed to get default realm?!\n");
ret = LDAP_OPERATIONS_ERROR; goto done;
} }
if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) { if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) {
LOG_FATAL("No config DN?\n"); LOG_FATAL("No config DN?\n");
ret = LDAP_OPERATIONS_ERROR;
goto done; goto done;
} }
sdn = slapi_sdn_new_dn_byref(config_dn); sdn = slapi_sdn_new_dn_byref(config_dn);

9
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
View File

@ -1069,7 +1069,10 @@ static int ipapwd_start( Slapi_PBlock *pb )
krberr = krb5_init_context(&krbctx); krberr = krb5_init_context(&krbctx);
if (krberr) { if (krberr) {
LOG_FATAL("krb5_init_context failed\n"); LOG_FATAL("krb5_init_context failed\n");
return LDAP_OPERATIONS_ERROR; /* Yes, we failed, but it is because /etc/krb5.conf doesn't exist
* or is misconfigured. Start up in a degraded mode.
*/
return LDAP_SUCCESS;
} }
if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) { if (slapi_pblock_get(pb, SLAPI_TARGET_DN, &config_dn) != 0) {
@ -1079,8 +1082,8 @@ static int ipapwd_start( Slapi_PBlock *pb )
} }
if (ipapwd_getEntry(config_dn, &config_entry, NULL) != LDAP_SUCCESS) { if (ipapwd_getEntry(config_dn, &config_entry, NULL) != LDAP_SUCCESS) {
LOG_FATAL("No config Entry?\n"); LOG_FATAL("No config Entry extop?\n");
ret = LDAP_OPERATIONS_ERROR; ret = LDAP_SUCCESS;
goto done; goto done;
} }

1
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
View File

@ -311,6 +311,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL); ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
LOG_FATAL("No config Entry?\n"); LOG_FATAL("No config Entry?\n");
goto free_and_error;
} else { } else {
tmparray = slapi_entry_attr_get_charray(config_entry, tmparray = slapi_entry_attr_get_charray(config_entry,
"ipaConfigString"); "ipaConfigString");

14
ipaserver/install/ldapupdate.py
View File

@ -68,6 +68,12 @@ class LDAPUpdate:
self.pw_name = pwd.getpwuid(os.geteuid()).pw_name self.pw_name = pwd.getpwuid(os.geteuid()).pw_name
krbctx = krbV.default_context() krbctx = krbV.default_context()
try:
self.realm = krbctx.default_realm
suffix = util.realm_to_suffix(self.realm)
except krbV.Krb5Error:
self.realm = None
suffix = None
fqdn = installutils.get_fqdn() fqdn = installutils.get_fqdn()
if fqdn is None: if fqdn is None:
@ -75,16 +81,14 @@ class LDAPUpdate:
domain = ipautil.get_domain_name() domain = ipautil.get_domain_name()
libarch = self.__identify_arch() libarch = self.__identify_arch()
suffix = util.realm_to_suffix(krbctx.default_realm)
self.realm = krbctx.default_realm
if not self.sub_dict.get("REALM"): if not self.sub_dict.get("REALM") and self.realm is not None:
self.sub_dict["REALM"] = krbctx.default_realm self.sub_dict["REALM"] = self.realm
if not self.sub_dict.get("FQDN"): if not self.sub_dict.get("FQDN"):
self.sub_dict["FQDN"] = fqdn self.sub_dict["FQDN"] = fqdn
if not self.sub_dict.get("DOMAIN"): if not self.sub_dict.get("DOMAIN"):
self.sub_dict["DOMAIN"] = domain self.sub_dict["DOMAIN"] = domain
if not self.sub_dict.get("SUFFIX"): if not self.sub_dict.get("SUFFIX") and suffix is not None:
self.sub_dict["SUFFIX"] = suffix self.sub_dict["SUFFIX"] = suffix
if not self.sub_dict.get("ESCAPED_SUFFIX"): if not self.sub_dict.get("ESCAPED_SUFFIX"):
self.sub_dict["ESCAPED_SUFFIX"] = escape_dn_chars(suffix) self.sub_dict["ESCAPED_SUFFIX"] = escape_dn_chars(suffix)