Fix traceback in ipa-nis-manage.

The root user cannot use ldapi because of the autobind configuration. Fall back to a standard GSSAPI sasl bind if the external bind fails. With --ldapi a regular user may be trying this as well, catch that and report a reasonable error message. This also gives priority to the DM password if it is passed in. Also require the user be root to run the ipa-nis-manage command. We enable/disable and start/stop services which need to be done as root. Add a new option to ipa-ldap-updater to prompt for the DM password. Remove restriction to be run as root except when doing an upgrade. Ticket 1157
2025-02-25 18:55:28 -06:00 · 2011-04-11 15:30:11 -04:00
parent 68ff18ed10
commit d42bf3f530
4 changed files with 42 additions and 31 deletions
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -58,6 +58,9 @@ def parse_options():
                      default=False, help="Connect to the LDAP server using the ldapi socket")
    parser.add_option("-u", '--upgrade', action="store_true", dest="upgrade",
                      default=False, help="Upgrade an installed server in offline mode")
+    parser.add_option("-W", '--password', action="store_true",
+                      dest="ask_password",
+                      help="Prompt for the Directory Manager password")

    options, args = parser.parse_args()
    safe_options = parser.get_safe_opts(options)
@@ -92,7 +95,7 @@ def main():
        pw = ipautil.template_file(options.password, [])
        dirman_password = pw.strip()
    else:
-        if not options.ldapi and not options.upgrade:
+        if (options.ask_password or not options.ldapi) and not options.upgrade:
            dirman_password = get_dirman_password()

    files = []
@@ -112,8 +115,6 @@ def main():
        modified = upgrade.modified
        badsyntax = upgrade.badsyntax
    else:
-        if os.getegid() == 0 and options.ldapi:
-            sys.exit('ldapi cannot be used by root')
        # Clear all existing log handlers, this is need to log as root
        loggers = logging.getLogger()
        if loggers.handlers:
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -83,6 +83,9 @@ def main():
    files = ['/usr/share/ipa/nis.uldif']
    servicemsg = ""

+    if os.getegid() != 0:
+        sys.exit('Must be root to use this tool.')
+
    options, args = parse_options()
    if options.debug:
        loglevel = logging.DEBUG
--- a/install/tools/man/ipa-ldap-updater.1
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -79,6 +79,9 @@ Connect to the LDAP server using the ldapi socket
 .TP
 \fB\-u\fR, \fB\-\-\-upgrade\fR
 Upgrade an installed server in offline mode (implies \-\-ldapi)
+.TP
+\fB\-W\fR, \fB\-\-\-password\fR
+Prompt for the Directory Manager password
 .SH "EXIT STATUS"
 0 if the command was successful