Make proper LDAP configuration reporting for ipa-client-install

Ticket https://fedorahosted.org/freeipa/ticket/1369
Alexander Bokovoy
2011-07-29 13:05:07 +03:00
committed by Rob Crittenden
parent bb45e51809
commit d6875b9adc


@@ -147,7 +147,7 @@ def uninstall(options, env):
server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
if server_fstore.has_files() and not options.on_master:
print "IPA client is configured as a part of IPA server on this system."
print "Please refer to ipa-server-install for uninstallation."
print "Refer to ipa-server-install for uninstallation."
return 2
sssdconfig = SSSDConfig.SSSDConfig()
@@ -345,6 +345,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
opts.append({'name':'empty', 'type':'empty'})
ret = (0, None, None)
# Depending on the release and distribution this may exist in any
# number of different file names, update what we find
for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -352,11 +353,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
return (0, 'LDAP', filename)
except Exception, e:
print "Creation of %s: %s" % (filename, str(e))
return 1
return (1, 'LDAP', filename)
return 0
return ret
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
@@ -388,7 +390,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
nslcdconf.newConf('/etc/nslcd.conf', opts)
except Exception, e:
print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
return 1
return (1, None, None)
if ipautil.service_is_installed('nslcd'):
try:
@@ -403,8 +405,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
logging.error("Failed to enable automatic startup of the NSLCD daemon: %s" % str(e))
else:
logging.debug("NSLCD daemon is not installed, skip configuration")
return (0, None, None)
return 0
return (0, 'NSLCD', '/etc/nslcd.conf')
def hardcode_ldap_server(cli_server):
"""
@@ -422,6 +425,7 @@ def hardcode_ldap_server(cli_server):
# Errors raised by this should be caught by the caller
ldapconf.changeConf("/etc/ldap.conf", opts)
print "Changed configuration of /etc/ldap.conf to use hardcoded server name: " +cli_server
return
@@ -737,7 +741,7 @@ def main():
if fstore.has_files():
sys.exit("IPA client is already configured on this system.\n"
+ "If you want to reinstall the IPA client please uninstall it first.")
+ "If you want to reinstall the IPA client, uninstall it first.")
cli_domain = None
cli_server = None
@@ -766,7 +770,7 @@ def main():
if ret == ipadiscovery.BAD_HOST_CONFIG:
print >>sys.stderr, "Can't get the fully qualified name of this host"
print >>sys.stderr, "Please check that the client is properly configured"
print >>sys.stderr, "Check that the client is properly configured"
return ret
if ret == ipadiscovery.NOT_FQDN:
print >>sys.stderr, "%s is not a fully-qualified hostname" % hostname
@@ -780,7 +784,7 @@ def main():
return ret
else:
print "DNS discovery failed to determine your DNS domain"
cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
cli_domain = user_input("Provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
logging.debug("will use domain: %s\n", cli_domain)
ret = ds.search(domain=cli_domain, server=options.server, hostname=hostname)
@@ -798,7 +802,7 @@ def main():
return ret
else:
print "DNS discovery failed to find the IPA Server"
cli_server = user_input("Please provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
cli_server = user_input("Provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
logging.debug("will use server: %s\n", cli_server)
ret = ds.search(domain=cli_domain, server=cli_server, hostname=hostname)
else:
@@ -998,16 +1002,19 @@ def main():
print >>sys.stderr, "Failed to configure automatic startup of the NSCD daemon"
print >>sys.stderr, "Caching of users/groups will not be available after reboot"
else:
print >>sys.stderr, "Failed to disable NSCD daemon. Please disable it manually."
print >>sys.stderr, "Failed to disable NSCD daemon. Disable it manually."
else:
# this is optional service, just log
logging.info("NSCD daemon is not installed, skip configuration")
if not options.sssd:
logging.info("NSCD daemon is not installed, skip configuration")
retcode, conf, filename = (0, None, None)
# Modify nsswitch/pam stack
if options.sssd:
cmd = ["/usr/sbin/authconfig", "--enablesssd", "--enablesssdauth", "--update"]
message = "SSSD enabled"
conf = 'SSSD'
else:
cmd = ["/usr/sbin/authconfig", "--enableldap", "--enableforcelegacy", "--update"]
message = "LDAP enabled"
@@ -1024,11 +1031,12 @@ def main():
# Update non-SSSD LDAP configuration after authconfig calls as it would
# change its configuration otherways
if not options.sssd:
if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
return 1
if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
return 1
print "LDAP configured"
for configurer in [configure_ldap_conf, configure_nslcd_conf]:
(retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
if retcode:
return 1
if conf:
print "%s configured using configuration file %s" % (conf, filename)
#Check that nss is working properly
if not options.on_master:
@@ -1046,8 +1054,11 @@ def main():
n = n + 1
if not found:
print "nss_ldap is not able to use DNS discovery!"
print "Changing configuration to use hardcoded server name: " +cli_server
print "Unable to find 'admin' user with 'getent passwd admin'!"
if conf:
print "Recognized configuration: %s" % (conf)
else:
print "Unable to reliably detect configuration. Check NSS setup manually."
try:
hardcode_ldap_server(cli_server)
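Review bot: In configure_ldap_conf the added `return (0, 'LDAP', filename)` after `ldapconf.newConf(filename, opts)` leaves the function as soon as the first existing file is written, so (assuming the try block sits inside the `for filename in [...]` loop, which the lost indentation on this page does not show) `/etc/nss_ldap.conf`, `/etc/libnss-ldap.conf` and `/etc/pam_ldap.conf` are no longer updated when `/etc/ldap.conf` exists, contrary to the "update what we find" comment. A host that has several of these files would keep stale directory settings in whichever ones its PAM or NSS modules actually read. Recording the result and continuing keeps the old coverage: `ret = (0, 'LDAP', filename)` in place of the early return, with the final `return ret` reporting the last file written. Separately, the new loop in main() appears to overwrite `conf` with the `None` that configure_nslcd_conf returns when nslcd is not installed, so the later "Recognized configuration" message can be replaced by the "Unable to reliably detect configuration" one even though LDAP was configured. Both functions begin outside the visible hunks.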