mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Move realm_to_serverid/ldap_uri to ipaldap
The helper functions realm_to_serverid() and realm_to_ldapi_uri() are useful outside the server installation framework. They are now in ipapython.ipaldap alongside other helpers for LDAP handling in FreeIPA. Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
committed by
Rob Crittenden
parent
dc33be73f8
commit
d5d9233b7c
@@ -30,7 +30,7 @@ from ipaserver.install import service, installutils
|
|||||||
from ipaserver.install.dsinstance import config_dirname
|
from ipaserver.install.dsinstance import config_dirname
|
||||||
from ipaserver.install.installutils import is_ipa_configured, ScriptError
|
from ipaserver.install.installutils import is_ipa_configured, ScriptError
|
||||||
from ipalib import api, errors
|
from ipalib import api, errors
|
||||||
from ipapython.ipaldap import LDAPClient
|
from ipapython.ipaldap import LDAPClient, realm_to_serverid
|
||||||
from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
|
from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
|
||||||
from ipapython.ipautil import run
|
from ipapython.ipautil import run
|
||||||
from ipapython import config
|
from ipapython import config
|
||||||
@@ -75,7 +75,7 @@ def is_dirsrv_debugging_enabled():
|
|||||||
returns True or False
|
returns True or False
|
||||||
"""
|
"""
|
||||||
debugging = False
|
debugging = False
|
||||||
serverid = installutils.realm_to_serverid(api.env.realm)
|
serverid = realm_to_serverid(api.env.realm)
|
||||||
dselist = [config_dirname(serverid)]
|
dselist = [config_dirname(serverid)]
|
||||||
for dse in dselist:
|
for dse in dselist:
|
||||||
try:
|
try:
|
||||||
|
@@ -39,12 +39,14 @@ import ldap
|
|||||||
import ldap.sasl
|
import ldap.sasl
|
||||||
import ldap.filter
|
import ldap.filter
|
||||||
from ldap.controls import SimplePagedResultsControl, GetEffectiveRightsControl
|
from ldap.controls import SimplePagedResultsControl, GetEffectiveRightsControl
|
||||||
|
import ldapurl
|
||||||
import six
|
import six
|
||||||
|
|
||||||
# pylint: disable=ipa-forbidden-import
|
# pylint: disable=ipa-forbidden-import
|
||||||
from ipalib import errors, x509, _
|
from ipalib import errors, x509, _
|
||||||
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
|
from ipalib.constants import LDAP_GENERALIZED_TIME_FORMAT
|
||||||
# pylint: enable=ipa-forbidden-import
|
# pylint: enable=ipa-forbidden-import
|
||||||
|
from ipaplatform.paths import paths
|
||||||
from ipapython.ipautil import format_netloc, CIDict
|
from ipapython.ipautil import format_netloc, CIDict
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
from ipapython.dnsutil import DNSName
|
from ipapython.dnsutil import DNSName
|
||||||
@@ -90,6 +92,18 @@ if six.PY2 and hasattr(ldap, 'LDAPBytesWarning'):
|
|||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def realm_to_serverid(realm_name):
|
||||||
|
"""Convert Kerberos realm name to 389-DS server id"""
|
||||||
|
return "-".join(realm_name.split("."))
|
||||||
|
|
||||||
|
|
||||||
|
def realm_to_ldapi_uri(realm_name):
|
||||||
|
"""Get ldapi:// URI to 389-DS's Unix socket"""
|
||||||
|
serverid = realm_to_serverid(realm_name)
|
||||||
|
socketname = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (serverid,)
|
||||||
|
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
|
||||||
|
|
||||||
|
|
||||||
def ldap_initialize(uri, cacertfile=None):
|
def ldap_initialize(uri, cacertfile=None):
|
||||||
"""Wrapper around ldap.initialize()
|
"""Wrapper around ldap.initialize()
|
||||||
|
|
||||||
|
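Review bot: `realm_to_serverid()` now lives in a general-purpose module but passes `realm_name` through unchecked, and elsewhere on this page its result is interpolated into filesystem path templates (`paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid`) and into the socket path built by `realm_to_ldapi_uri()`. The installer call sites shown here take the realm from `api.env.realm`, but a caller outside the installer could pass a string containing `/` or `..`; `ldapUrlEscape` keeps the URI well-formed without constraining which path it names. I would state the precondition in the docstring, e.g. `"""Convert Kerberos realm name to 389-DS server id. realm_name must be an already validated realm; no path or character checks are done here."""`, or reject path separators in the helper itself. `ldap_initialize()` continues outside the hunk.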
@@ -40,6 +40,7 @@ from ipaserver.install.replication import wait_for_task
|
|||||||
from ipalib import errors, api
|
from ipalib import errors, api
|
||||||
from ipalib.util import normalize_zone
|
from ipalib.util import normalize_zone
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython import ipautil
|
from ipapython import ipautil
|
||||||
import ipapython.errors
|
import ipapython.errors
|
||||||
|
|
||||||
@@ -178,7 +179,7 @@ class ADTRUSTInstance(service.Service):
|
|||||||
|
|
||||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||||
self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % \
|
self.ldapi_socket = "%%2fvar%%2frun%%2fslapd-%s.socket" % \
|
||||||
installutils.realm_to_serverid(self.realm)
|
ipaldap.realm_to_serverid(self.realm)
|
||||||
|
|
||||||
# DN definitions
|
# DN definitions
|
||||||
self.trust_dn = DN(api.env.container_trusts, self.suffix)
|
self.trust_dn = DN(api.env.container_trusts, self.suffix)
|
||||||
|
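Review bot: `self.ldapi_socket` in `ADTRUSTInstance` still spells the escaped socket path by hand (`"%%2fvar%%2frun%%2fslapd-%s.socket"`), while this commit adds `realm_to_ldapi_uri()`, which derives the path from `paths.SLAPD_INSTANCE_SOCKET_TEMPLATE`. If the platform template ever differs from the hard-coded `/var/run` location, the two would name different sockets. The attribute holds the path without the `ldapi://` scheme, so a follow-up could derive it from the helper, or the line could at least carry `# keep in sync with paths.SLAPD_INSTANCE_SOCKET_TEMPLATE`. The enclosing method starts and ends outside the hunk.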
@@ -40,6 +40,7 @@ from ipaserver.dns_data_management import (
|
|||||||
from ipaserver.install import installutils
|
from ipaserver.install import installutils
|
||||||
from ipaserver.install import service
|
from ipaserver.install import service
|
||||||
from ipaserver.install import sysupgrade
|
from ipaserver.install import sysupgrade
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython import ipautil
|
from ipapython import ipautil
|
||||||
from ipapython import dnsutil
|
from ipapython import dnsutil
|
||||||
from ipapython.dnsutil import DNSName
|
from ipapython.dnsutil import DNSName
|
||||||
@@ -803,7 +804,7 @@ class BindInstance(service.Service):
|
|||||||
|
|
||||||
self.sub_dict = dict(
|
self.sub_dict = dict(
|
||||||
FQDN=self.fqdn,
|
FQDN=self.fqdn,
|
||||||
SERVER_ID=installutils.realm_to_serverid(self.realm),
|
SERVER_ID=ipaldap.realm_to_serverid(self.realm),
|
||||||
SUFFIX=self.suffix,
|
SUFFIX=self.suffix,
|
||||||
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
|
BINDKEYS_FILE=paths.NAMED_BINDKEYS_FILE,
|
||||||
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
|
MANAGED_KEYS_DIR=paths.NAMED_MANAGED_KEYS_DIR,
|
||||||
|
@@ -22,6 +22,7 @@ from ipapython.install import typing
|
|||||||
from ipapython.install.core import group, knob, extend_knob
|
from ipapython.install.core import group, knob, extend_knob
|
||||||
from ipaserver.install import cainstance, bindinstance, dsinstance
|
from ipaserver.install import cainstance, bindinstance, dsinstance
|
||||||
from ipapython import ipautil, certdb
|
from ipapython import ipautil, certdb
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython.admintool import ScriptError
|
from ipapython.admintool import ScriptError
|
||||||
from ipaplatform import services
|
from ipaplatform import services
|
||||||
from ipaplatform.paths import paths
|
from ipaplatform.paths import paths
|
||||||
@@ -209,7 +210,7 @@ def install_check(standalone, replica_config, options):
|
|||||||
|
|
||||||
if standalone:
|
if standalone:
|
||||||
dirname = dsinstance.config_dirname(
|
dirname = dsinstance.config_dirname(
|
||||||
installutils.realm_to_serverid(realm_name))
|
ipaldap.realm_to_serverid(realm_name))
|
||||||
cadb = certs.CertDB(realm_name, nssdir=paths.PKI_TOMCAT_ALIAS_DIR,
|
cadb = certs.CertDB(realm_name, nssdir=paths.PKI_TOMCAT_ALIAS_DIR,
|
||||||
subject_base=options._subject_base)
|
subject_base=options._subject_base)
|
||||||
dsdb = certs.CertDB(
|
dsdb = certs.CertDB(
|
||||||
@@ -343,7 +344,7 @@ def install_step_1(standalone, replica_config, options, custodia):
|
|||||||
#
|
#
|
||||||
ca.setup_lightweight_ca_key_retrieval()
|
ca.setup_lightweight_ca_key_retrieval()
|
||||||
|
|
||||||
serverid = installutils.realm_to_serverid(realm_name)
|
serverid = ipaldap.realm_to_serverid(realm_name)
|
||||||
|
|
||||||
if standalone and replica_config is None:
|
if standalone and replica_config is None:
|
||||||
dirname = dsinstance.config_dirname(serverid)
|
dirname = dsinstance.config_dirname(serverid)
|
||||||
|
@@ -12,6 +12,7 @@ from ipaplatform.paths import paths
|
|||||||
from ipaplatform.constants import constants
|
from ipaplatform.constants import constants
|
||||||
from ipaserver.install.service import SimpleServiceInstance
|
from ipaserver.install.service import SimpleServiceInstance
|
||||||
from ipapython import ipautil
|
from ipapython import ipautil
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython.certdb import NSSDatabase
|
from ipapython.certdb import NSSDatabase
|
||||||
from ipaserver.install import installutils
|
from ipaserver.install import installutils
|
||||||
from ipaserver.install import ldapupdate
|
from ipaserver.install import ldapupdate
|
||||||
@@ -104,7 +105,7 @@ class CustodiaInstance(SimpleServiceInstance):
|
|||||||
@property
|
@property
|
||||||
def ldap_uri(self):
|
def ldap_uri(self):
|
||||||
if self.custodia_peer is None:
|
if self.custodia_peer is None:
|
||||||
return installutils.realm_to_ldapi_uri(self.realm)
|
return ipaldap.realm_to_ldapi_uri(self.realm)
|
||||||
else:
|
else:
|
||||||
return "ldap://{}".format(self.custodia_peer)
|
return "ldap://{}".format(self.custodia_peer)
|
||||||
|
|
||||||
@@ -117,7 +118,7 @@ class CustodiaInstance(SimpleServiceInstance):
|
|||||||
IPA_CUSTODIA_KEYS=paths.IPA_CUSTODIA_KEYS,
|
IPA_CUSTODIA_KEYS=paths.IPA_CUSTODIA_KEYS,
|
||||||
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
|
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
|
||||||
IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
|
IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
|
||||||
LDAP_URI=installutils.realm_to_ldapi_uri(self.realm),
|
LDAP_URI=ipaldap.realm_to_ldapi_uri(self.realm),
|
||||||
UID=httpd_info.pw_uid,
|
UID=httpd_info.pw_uid,
|
||||||
GID=httpd_info.pw_gid
|
GID=httpd_info.pw_gid
|
||||||
)
|
)
|
||||||
|
@@ -268,7 +268,7 @@ class DsInstance(service.Service):
|
|||||||
idstart, idmax, pkcs12_info, ca_file=None,
|
idstart, idmax, pkcs12_info, ca_file=None,
|
||||||
setup_pkinit=False):
|
setup_pkinit=False):
|
||||||
self.realm = realm_name.upper()
|
self.realm = realm_name.upper()
|
||||||
self.serverid = installutils.realm_to_serverid(self.realm)
|
self.serverid = ipaldap.realm_to_serverid(self.realm)
|
||||||
self.suffix = ipautil.realm_to_suffix(self.realm)
|
self.suffix = ipautil.realm_to_suffix(self.realm)
|
||||||
self.fqdn = fqdn
|
self.fqdn = fqdn
|
||||||
self.dm_password = dm_password
|
self.dm_password = dm_password
|
||||||
@@ -1191,7 +1191,8 @@ class DsInstance(service.Service):
|
|||||||
# shutdown the server
|
# shutdown the server
|
||||||
self.stop()
|
self.stop()
|
||||||
|
|
||||||
dirname = config_dirname(installutils.realm_to_serverid(self.realm))
|
dirname = config_dirname(
|
||||||
|
ipaldap.realm_to_serverid(self.realm))
|
||||||
certdb = certs.CertDB(
|
certdb = certs.CertDB(
|
||||||
self.realm,
|
self.realm,
|
||||||
nssdir=dirname,
|
nssdir=dirname,
|
||||||
@@ -1336,7 +1337,7 @@ class DsInstance(service.Service):
|
|||||||
|
|
||||||
def write_certmap_conf(realm, ca_subject):
|
def write_certmap_conf(realm, ca_subject):
|
||||||
"""(Re)write certmap.conf with given CA subject DN."""
|
"""(Re)write certmap.conf with given CA subject DN."""
|
||||||
serverid = installutils.realm_to_serverid(realm)
|
serverid = ipaldap.realm_to_serverid(realm)
|
||||||
ds_dirname = config_dirname(serverid)
|
ds_dirname = config_dirname(serverid)
|
||||||
certmap_filename = os.path.join(ds_dirname, "certmap.conf")
|
certmap_filename = os.path.join(ds_dirname, "certmap.conf")
|
||||||
shutil.copyfile(
|
shutil.copyfile(
|
||||||
|
@@ -34,6 +34,7 @@ import tempfile
|
|||||||
import shutil
|
import shutil
|
||||||
import traceback
|
import traceback
|
||||||
import textwrap
|
import textwrap
|
||||||
|
import warnings
|
||||||
from contextlib import contextmanager
|
from contextlib import contextmanager
|
||||||
from configparser import ConfigParser as SafeConfigParser
|
from configparser import ConfigParser as SafeConfigParser
|
||||||
from configparser import NoOptionError
|
from configparser import NoOptionError
|
||||||
@@ -41,16 +42,14 @@ from configparser import NoOptionError
|
|||||||
from dns import resolver, rdatatype
|
from dns import resolver, rdatatype
|
||||||
from dns.exception import DNSException
|
from dns.exception import DNSException
|
||||||
import ldap
|
import ldap
|
||||||
import ldapurl
|
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from ipalib.install import sysrestore
|
from ipalib.install import sysrestore
|
||||||
from ipalib.install.kinit import kinit_password
|
from ipalib.install.kinit import kinit_password
|
||||||
import ipaplatform
|
import ipaplatform
|
||||||
from ipapython import ipautil, admintool, version
|
from ipapython import ipautil, admintool, version, ipaldap
|
||||||
from ipapython.admintool import ScriptError, SERVER_NOT_CONFIGURED # noqa: E402
|
from ipapython.admintool import ScriptError, SERVER_NOT_CONFIGURED # noqa: E402
|
||||||
from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
|
from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
|
||||||
from ipapython.ipaldap import DIRMAN_DN, LDAPClient
|
|
||||||
from ipalib.util import validate_hostname
|
from ipalib.util import validate_hostname
|
||||||
from ipalib import api, errors, x509
|
from ipalib import api, errors, x509
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
@@ -338,9 +337,9 @@ def validate_dm_password_ldap(password):
|
|||||||
Validate DM password by attempting to connect to LDAP. api.env has to
|
Validate DM password by attempting to connect to LDAP. api.env has to
|
||||||
contain valid ldap_uri.
|
contain valid ldap_uri.
|
||||||
"""
|
"""
|
||||||
client = LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
|
client = ipaldap.LDAPClient(api.env.ldap_uri, cacert=paths.IPA_CA_CRT)
|
||||||
try:
|
try:
|
||||||
client.simple_bind(DIRMAN_DN, password)
|
client.simple_bind(ipaldap.DIRMAN_DN, password)
|
||||||
except errors.ACIError:
|
except errors.ACIError:
|
||||||
raise ValueError("Invalid Directory Manager password")
|
raise ValueError("Invalid Directory Manager password")
|
||||||
else:
|
else:
|
||||||
@@ -1106,14 +1105,23 @@ def check_version():
|
|||||||
else:
|
else:
|
||||||
raise UpgradeMissingVersionError("no data_version stored")
|
raise UpgradeMissingVersionError("no data_version stored")
|
||||||
|
|
||||||
|
|
||||||
def realm_to_serverid(realm_name):
|
def realm_to_serverid(realm_name):
|
||||||
return "-".join(realm_name.split("."))
|
warnings.warn(
|
||||||
|
"Use 'ipapython.ipaldap.realm_to_serverid'",
|
||||||
|
DeprecationWarning,
|
||||||
|
stacklevel=2
|
||||||
|
)
|
||||||
|
return ipaldap.realm_to_serverid(realm_name)
|
||||||
|
|
||||||
|
|
||||||
def realm_to_ldapi_uri(realm_name):
|
def realm_to_ldapi_uri(realm_name):
|
||||||
serverid = realm_to_serverid(realm_name)
|
warnings.warn(
|
||||||
socketname = paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % (serverid,)
|
"Use 'ipapython.ipaldap.realm_to_ldapi_uri'",
|
||||||
return 'ldapi://' + ldapurl.ldapUrlEscape(socketname)
|
DeprecationWarning,
|
||||||
|
stacklevel=2
|
||||||
|
)
|
||||||
|
return ipaldap.realm_to_ldapi_uri(realm_name)
|
||||||
|
|
||||||
|
|
||||||
def check_creds(options, realm_name):
|
def check_creds(options, realm_name):
|
||||||
|
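Review bot: The compatibility shims `realm_to_serverid()` and `realm_to_ldapi_uri()` have no docstring, so the deprecation is visible only at runtime, and Python's default filters hide `DeprecationWarning` unless the calling module is `__main__` or warnings are enabled. A one-line docstring on each, e.g. `"""Deprecated: use ipapython.ipaldap.realm_to_serverid()."""`, would make the status visible to readers and generated API docs. Separately, `from ipapython.ipaldap import DIRMAN_DN, LDAPClient` is dropped from this module without a shim; if any module still imports those names via `installutils` (not visible here), it will fail at import time. `check_creds()` continues outside the hunk.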
@@ -320,7 +320,7 @@ class Backup(admintool.AdminTool):
|
|||||||
logger.info('Stopping IPA services')
|
logger.info('Stopping IPA services')
|
||||||
run([paths.IPACTL, 'stop'])
|
run([paths.IPACTL, 'stop'])
|
||||||
|
|
||||||
instance = installutils.realm_to_serverid(api.env.realm)
|
instance = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
|
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
|
||||||
instance):
|
instance):
|
||||||
if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
|
if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
|
||||||
@@ -364,7 +364,7 @@ class Backup(admintool.AdminTool):
|
|||||||
|
|
||||||
NOTE: this adds some things that may not get backed up.
|
NOTE: this adds some things that may not get backed up.
|
||||||
'''
|
'''
|
||||||
serverid = installutils.realm_to_serverid(api.env.realm)
|
serverid = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
|
|
||||||
for dir in [paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid,
|
for dir in [paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid,
|
||||||
paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid,
|
paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid,
|
||||||
|
@@ -465,7 +465,7 @@ class Restore(admintool.AdminTool):
|
|||||||
'''
|
'''
|
||||||
Create an ldapi connection and bind to it using autobind as root.
|
Create an ldapi connection and bind to it using autobind as root.
|
||||||
'''
|
'''
|
||||||
instance_name = installutils.realm_to_serverid(api.env.realm)
|
instance_name = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
|
|
||||||
if not services.knownservices.dirsrv.is_running(instance_name):
|
if not services.knownservices.dirsrv.is_running(instance_name):
|
||||||
raise admintool.ScriptError(
|
raise admintool.ScriptError(
|
||||||
@@ -879,7 +879,7 @@ class Restore(admintool.AdminTool):
|
|||||||
httpinstance.HTTPInstance().stop_tracking_certificates()
|
httpinstance.HTTPInstance().stop_tracking_certificates()
|
||||||
try:
|
try:
|
||||||
dsinstance.DsInstance().stop_tracking_certificates(
|
dsinstance.DsInstance().stop_tracking_certificates(
|
||||||
installutils.realm_to_serverid(api.env.realm))
|
ipaldap.realm_to_serverid(api.env.realm))
|
||||||
except (OSError, IOError):
|
except (OSError, IOError):
|
||||||
# When IPA is not installed, DS NSS DB does not exist
|
# When IPA is not installed, DS NSS DB does not exist
|
||||||
pass
|
pass
|
||||||
@@ -910,13 +910,13 @@ class Restore(admintool.AdminTool):
|
|||||||
api.bootstrap(in_server=True, context='restore', **overrides)
|
api.bootstrap(in_server=True, context='restore', **overrides)
|
||||||
api.finalize()
|
api.finalize()
|
||||||
|
|
||||||
self.instances = [installutils.realm_to_serverid(api.env.realm)]
|
self.instances = [ipaldap.realm_to_serverid(api.env.realm)]
|
||||||
self.backends = ['userRoot', 'ipaca']
|
self.backends = ['userRoot', 'ipaca']
|
||||||
|
|
||||||
# no IPA config means we are reinstalling from nothing so
|
# no IPA config means we are reinstalling from nothing so
|
||||||
# there is nothing to test the DM password against.
|
# there is nothing to test the DM password against.
|
||||||
if os.path.exists(paths.IPA_DEFAULT_CONF):
|
if os.path.exists(paths.IPA_DEFAULT_CONF):
|
||||||
instance_name = installutils.realm_to_serverid(api.env.realm)
|
instance_name = ipapython.ipaldap.realm_to_serverid(api.env.realm)
|
||||||
if not services.knownservices.dirsrv.is_running(instance_name):
|
if not services.knownservices.dirsrv.is_running(instance_name):
|
||||||
raise admintool.ScriptError(
|
raise admintool.ScriptError(
|
||||||
"directory server instance is not running"
|
"directory server instance is not running"
|
||||||
|
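Review bot: In the last hunk of this file the rewritten line reads `instance_name = ipapython.ipaldap.realm_to_serverid(api.env.realm)`, while every other call site in the same file uses `ipaldap.realm_to_serverid(...)`. No import hunk is shown for this file, so `ipaldap` is presumably already bound. Unless a bare `import ipapython` also exists (not visible here), this line raises `NameError` on the restore path whenever `paths.IPA_DEFAULT_CONF` exists, just before the check that the directory server instance is running. I would make it `instance_name = ipaldap.realm_to_serverid(api.env.realm)`. The enclosing method starts and ends outside the hunk.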
@@ -30,6 +30,7 @@ from ipaplatform.paths import paths
|
|||||||
from ipapython import admintool
|
from ipapython import admintool
|
||||||
from ipapython.certdb import NSSDatabase, get_ca_nickname
|
from ipapython.certdb import NSSDatabase, get_ca_nickname
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipalib import api, errors
|
from ipalib import api, errors
|
||||||
from ipaserver.install import certs, dsinstance, installutils, krbinstance
|
from ipaserver.install import certs, dsinstance, installutils, krbinstance
|
||||||
|
|
||||||
@@ -125,7 +126,7 @@ class ServerCertInstall(admintool.AdminTool):
|
|||||||
api.Backend.ldap2.disconnect()
|
api.Backend.ldap2.disconnect()
|
||||||
|
|
||||||
def install_dirsrv_cert(self):
|
def install_dirsrv_cert(self):
|
||||||
serverid = installutils.realm_to_serverid(api.env.realm)
|
serverid = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
dirname = dsinstance.config_dirname(serverid)
|
dirname = dsinstance.config_dirname(serverid)
|
||||||
|
|
||||||
conn = api.Backend.ldap2
|
conn = api.Backend.ldap2
|
||||||
|
@@ -263,7 +263,7 @@ class KrbInstance(service.Service):
|
|||||||
SUFFIX=self.suffix,
|
SUFFIX=self.suffix,
|
||||||
DOMAIN=self.domain,
|
DOMAIN=self.domain,
|
||||||
HOST=self.host,
|
HOST=self.host,
|
||||||
SERVER_ID=installutils.realm_to_serverid(self.realm),
|
SERVER_ID=ipaldap.realm_to_serverid(self.realm),
|
||||||
REALM=self.realm,
|
REALM=self.realm,
|
||||||
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
|
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
|
||||||
DICT_WORDS=paths.DICT_WORDS,
|
DICT_WORDS=paths.DICT_WORDS,
|
||||||
|
@@ -279,7 +279,7 @@ class LDAPUpdate:
|
|||||||
self.realm = api.env.realm
|
self.realm = api.env.realm
|
||||||
suffix = ipautil.realm_to_suffix(self.realm) if self.realm else None
|
suffix = ipautil.realm_to_suffix(self.realm) if self.realm else None
|
||||||
|
|
||||||
self.ldapuri = installutils.realm_to_ldapi_uri(self.realm)
|
self.ldapuri = ipaldap.realm_to_ldapi_uri(self.realm)
|
||||||
if suffix is not None:
|
if suffix is not None:
|
||||||
assert isinstance(suffix, DN)
|
assert isinstance(suffix, DN)
|
||||||
|
|
||||||
|
@@ -21,7 +21,7 @@ import logging
|
|||||||
|
|
||||||
from ipalib.install import certstore
|
from ipalib.install import certstore
|
||||||
from ipaserver.install import certs, dsinstance
|
from ipaserver.install import certs, dsinstance
|
||||||
from ipaserver.install.installutils import realm_to_serverid
|
from ipapython.ipaldap import realm_to_serverid
|
||||||
from ipalib import Registry, errors
|
from ipalib import Registry, errors
|
||||||
from ipalib import Updater
|
from ipalib import Updater
|
||||||
from ipapython import certdb
|
from ipapython import certdb
|
||||||
|
@@ -22,6 +22,7 @@ from ipalib.install import certmonger, sysrestore
|
|||||||
from ipapython import ipautil, version
|
from ipapython import ipautil, version
|
||||||
from ipapython.ipautil import (
|
from ipapython.ipautil import (
|
||||||
ipa_generate_password, run, user_input)
|
ipa_generate_password, run, user_input)
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython.admintool import ScriptError
|
from ipapython.admintool import ScriptError
|
||||||
from ipaplatform import services
|
from ipaplatform import services
|
||||||
from ipaplatform.paths import paths
|
from ipaplatform.paths import paths
|
||||||
@@ -591,8 +592,7 @@ def install_check(installer):
|
|||||||
|
|
||||||
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
|
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
|
||||||
ipautil.format_netloc(host_name))
|
ipautil.format_netloc(host_name))
|
||||||
ldapi_uri = 'ldapi://%2fvar%2frun%2fslapd-{0}.socket\n'.format(
|
ldapi_uri = ipaldap.realm_to_ldapi_uri(realm_name)
|
||||||
installutils.realm_to_serverid(realm_name))
|
|
||||||
|
|
||||||
# [global] section
|
# [global] section
|
||||||
gopts = [
|
gopts = [
|
||||||
@@ -1166,7 +1166,7 @@ def uninstall(installer):
|
|||||||
|
|
||||||
# Note that this name will be wrong after the first uninstall.
|
# Note that this name will be wrong after the first uninstall.
|
||||||
dirname = dsinstance.config_dirname(
|
dirname = dsinstance.config_dirname(
|
||||||
installutils.realm_to_serverid(api.env.realm))
|
ipaldap.realm_to_serverid(api.env.realm))
|
||||||
dirs = [dirname, paths.PKI_TOMCAT_ALIAS_DIR, paths.HTTPD_ALIAS_DIR]
|
dirs = [dirname, paths.PKI_TOMCAT_ALIAS_DIR, paths.HTTPD_ALIAS_DIR]
|
||||||
ids = certmonger.check_state(dirs)
|
ids = certmonger.check_state(dirs)
|
||||||
if ids:
|
if ids:
|
||||||
|
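Review bot: The new `ldapi_uri = ipaldap.realm_to_ldapi_uri(realm_name)` in `install_check()` is not byte-identical to the literal it replaces, although the commit message describes only a move. The trailing `\n` is gone, and the path now comes from `paths.SLAPD_INSTANCE_SOCKET_TEMPLATE` through `ldapurl.ldapUrlEscape`, so the percent-escapes may no longer be the lowercase `%2f` form. The same replacement appears in `create_ipa_conf()` in the replica installer hunk. If the value ends up in the configuration built from `gopts` (the list is cut off here), confirm that nothing compares it textually with the old form, and record the change in the commit message or a comment such as `# no trailing newline; escaping follows ldapUrlEscape`. Both functions continue outside their hunks.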
@@ -220,8 +220,7 @@ def create_ipa_conf(fstore, config, ca_enabled, master=None):
|
|||||||
else:
|
else:
|
||||||
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
|
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
|
||||||
ipautil.format_netloc(config.host_name))
|
ipautil.format_netloc(config.host_name))
|
||||||
ldapi_uri = 'ldapi://%2fvar%2frun%2fslapd-{0}.socket\n'.format(
|
ldapi_uri = ipaldap.realm_to_ldapi_uri(config.realm_name)
|
||||||
installutils.realm_to_serverid(config.realm_name))
|
|
||||||
|
|
||||||
# [global] section
|
# [global] section
|
||||||
gopts = [
|
gopts = [
|
||||||
@@ -802,7 +801,7 @@ def promote_check(installer):
|
|||||||
api.bootstrap(in_server=True,
|
api.bootstrap(in_server=True,
|
||||||
context='installer',
|
context='installer',
|
||||||
confdir=paths.ETC_IPA,
|
confdir=paths.ETC_IPA,
|
||||||
ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
|
ldap_uri=ipaldap.realm_to_ldapi_uri(env.realm),
|
||||||
xmlrpc_uri=xmlrpc_uri)
|
xmlrpc_uri=xmlrpc_uri)
|
||||||
# pylint: enable=no-member
|
# pylint: enable=no-member
|
||||||
api.finalize()
|
api.finalize()
|
||||||
|
@@ -18,6 +18,7 @@ import tempfile
|
|||||||
from contextlib import contextmanager
|
from contextlib import contextmanager
|
||||||
from augeas import Augeas
|
from augeas import Augeas
|
||||||
import dns.exception
|
import dns.exception
|
||||||
|
|
||||||
from ipalib import api, x509
|
from ipalib import api, x509
|
||||||
from ipalib.install import certmonger, sysrestore
|
from ipalib.install import certmonger, sysrestore
|
||||||
import SSSDConfig
|
import SSSDConfig
|
||||||
@@ -28,6 +29,7 @@ from ipaclient.install.client import sssd_enable_ifp
|
|||||||
from ipaplatform import services
|
from ipaplatform import services
|
||||||
from ipaplatform.tasks import tasks
|
from ipaplatform.tasks import tasks
|
||||||
from ipapython import ipautil, version
|
from ipapython import ipautil, version
|
||||||
|
from ipapython import ipaldap
|
||||||
from ipapython import dnsutil, directivesetter
|
from ipapython import dnsutil, directivesetter
|
||||||
from ipapython.dn import DN
|
from ipapython.dn import DN
|
||||||
from ipaplatform.constants import constants
|
from ipaplatform.constants import constants
|
||||||
@@ -949,7 +951,7 @@ def certificate_renewal_update(ca, ds, http):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
template = paths.CERTMONGER_COMMAND_TEMPLATE
|
template = paths.CERTMONGER_COMMAND_TEMPLATE
|
||||||
serverid = installutils.realm_to_serverid(api.env.realm)
|
serverid = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
|
|
||||||
requests = [
|
requests = [
|
||||||
{
|
{
|
||||||
@@ -1367,7 +1369,7 @@ def fix_schema_file_syntax():
|
|||||||
logger.info('Syntax already fixed')
|
logger.info('Syntax already fixed')
|
||||||
return
|
return
|
||||||
|
|
||||||
serverid = installutils.realm_to_serverid(api.env.realm)
|
serverid = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
ds_dir = dsinstance.config_dirname(serverid)
|
ds_dir = dsinstance.config_dirname(serverid)
|
||||||
|
|
||||||
# 1. 60ipadns.ldif: Add parenthesis to idnsRecord
|
# 1. 60ipadns.ldif: Add parenthesis to idnsRecord
|
||||||
@@ -1444,7 +1446,7 @@ def remove_ds_ra_cert(subject_base):
|
|||||||
return
|
return
|
||||||
|
|
||||||
dbdir = dsinstance.config_dirname(
|
dbdir = dsinstance.config_dirname(
|
||||||
installutils.realm_to_serverid(api.env.realm))
|
ipaldap.realm_to_serverid(api.env.realm))
|
||||||
dsdb = certs.CertDB(api.env.realm, nssdir=dbdir, subject_base=subject_base)
|
dsdb = certs.CertDB(api.env.realm, nssdir=dbdir, subject_base=subject_base)
|
||||||
|
|
||||||
nickname = 'CN=IPA RA,%s' % subject_base
|
nickname = 'CN=IPA RA,%s' % subject_base
|
||||||
@@ -1810,7 +1812,7 @@ def upgrade_configuration():
|
|||||||
fqdn = api.env.host
|
fqdn = api.env.host
|
||||||
|
|
||||||
# Ok, we are an IPA server, do the additional tests
|
# Ok, we are an IPA server, do the additional tests
|
||||||
ds_serverid = installutils.realm_to_serverid(api.env.realm)
|
ds_serverid = ipaldap.realm_to_serverid(api.env.realm)
|
||||||
ds = dsinstance.DsInstance()
|
ds = dsinstance.DsInstance()
|
||||||
|
|
||||||
# start DS, CA will not start without running DS, and cause error
|
# start DS, CA will not start without running DS, and cause error
|
||||||
@@ -2098,7 +2100,7 @@ def upgrade_configuration():
|
|||||||
SUFFIX=krb.suffix,
|
SUFFIX=krb.suffix,
|
||||||
DOMAIN=api.env.domain,
|
DOMAIN=api.env.domain,
|
||||||
HOST=api.env.host,
|
HOST=api.env.host,
|
||||||
SERVER_ID=installutils.realm_to_serverid(krb.realm),
|
SERVER_ID=ipaldap.realm_to_serverid(krb.realm),
|
||||||
REALM=krb.realm,
|
REALM=krb.realm,
|
||||||
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
|
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
|
||||||
DICT_WORDS=paths.DICT_WORDS,
|
DICT_WORDS=paths.DICT_WORDS,
|
||||||
|
@@ -25,9 +25,11 @@ import ldif
|
|||||||
import shutil
|
import shutil
|
||||||
import random
|
import random
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
from ipalib import api
|
from ipalib import api
|
||||||
from ipaplatform.paths import paths
|
from ipaplatform.paths import paths
|
||||||
from ipaplatform import services
|
from ipaplatform import services
|
||||||
|
from ipapython import ipaldap
|
||||||
|
|
||||||
from ipaserver.install import installutils
|
from ipaserver.install import installutils
|
||||||
from ipaserver.install import schemaupdate
|
from ipaserver.install import schemaupdate
|
||||||
@@ -88,7 +90,7 @@ class IPAUpgrade(service.Service):
|
|||||||
h = "%02x" % rand.randint(0,255)
|
h = "%02x" % rand.randint(0,255)
|
||||||
ext += h
|
ext += h
|
||||||
super(IPAUpgrade, self).__init__("dirsrv", realm_name=realm_name)
|
super(IPAUpgrade, self).__init__("dirsrv", realm_name=realm_name)
|
||||||
serverid = installutils.realm_to_serverid(realm_name)
|
serverid = ipaldap.realm_to_serverid(realm_name)
|
||||||
self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
|
self.filename = '%s/%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE)
|
||||||
self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
|
self.savefilename = '%s/%s.ipa.%s' % (paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid, DSE, ext)
|
||||||
self.files = files
|
self.files = files
|
||||||
|
@@ -18,7 +18,7 @@ from ipatests.test_integration.base import IntegrationTest
|
|||||||
from ipatests.pytest_ipa.integration import tasks
|
from ipatests.pytest_ipa.integration import tasks
|
||||||
from ipaplatform.paths import paths
|
from ipaplatform.paths import paths
|
||||||
from ipaserver.install import dsinstance
|
from ipaserver.install import dsinstance
|
||||||
from ipaserver.install.installutils import realm_to_serverid
|
from ipapython.ipaldap import realm_to_serverid
|
||||||
|
|
||||||
|
|
||||||
class TestUninstallBase(IntegrationTest):
|
class TestUninstallBase(IntegrationTest):
|
||||||
|