IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix ipa-compat-manage not working after recent ipa-nis-manage change.

Browse Source 
ticket 1147
This commit is contained in:
Jan Cholasta
2011-07-21 16:00:27 +02:00
committed by Martin Kosek
parent abb5ee22d2
commit df7ee2ccf5
2 changed files with 72 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
install/tools/ipa-compat-manage
View File

@@ -37,7 +37,8 @@ error was:
""" % sys.exc_value """ % sys.exc_value
sys.exit(1) sys.exit(1)
netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config" compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
nis_config_dn = "cn=NIS Server,cn=plugins,cn=config"
def parse_options(): def parse_options():
usage = "%prog [options] <enable|disable>\n" usage = "%prog [options] <enable|disable>\n"
@@ -64,6 +65,18 @@ def get_dirman_password():
return password return password
def get_entry(dn, conn):
"""
Return the entry for the given DN. If the entry is not found return
None.
"""
entry = None
try:
(dn, entry) = conn.get_entry(dn, normalize=False)
except errors.NotFound:
pass
return entry
def main(): def main():
retval = 0 retval = 0
loglevel = logging.ERROR loglevel = logging.ERROR
@@ -104,56 +117,66 @@ def main():
sys.exit("Authentication failed: %s" % e.info) sys.exit("Authentication failed: %s" % e.info)
if args[0] == "status": if args[0] == "status":
entry = None
try: try:
conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) entry = get_entry(compat_dn, conn)
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
print "Plugin Enabled" print "Plugin Enabled"
except errors.NotFound: else:
print "Plugin Disabled" print "Plugin Disabled"
except errors.LDAPError, lde: except errors.LDAPError, lde:
print "An error occurred while talking to the server." print "An error occurred while talking to the server."
print lde print lde
return 0
if args[0] == "enable": if args[0] == "enable":
entry = None
try: try:
conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) entry = get_entry(compat_dn, conn)
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
print "Plugin already Enabled" print "Plugin already Enabled"
retval = 2 retval = 2
except errors.NotFound: else:
print "Enabling plugin" print "Enabling plugin"
if entry is None:
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
if not ld.update(files):
print "Updating Directory Server failed."
retval = 1
else:
mod = {'nsslapd-pluginenabled': 'on'}
conn.update_entry(compat_dn, mod, normalize=False)
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
elif args[0] == "disable":
entry = None
try:
entry = get_entry(nis_config_dn, conn)
# We can't disable schema compat if the NIS plugin is enabled
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility."
print >>sys.stderr, "Run 'ipa-nis-manage disable' first."
retval = 2
except errors.ExecutionError, lde: except errors.ExecutionError, lde:
print "An error occurred while talking to the server." print "An error occurred while talking to the server."
print lde print lde
retval = 1 retval = 1
if retval == 0: if retval == 0:
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) entry = None
rv = ld.update(files)
if rv:
print "This setting will not take effect until you restart Directory Server."
else:
print "Updating Directory Server failed."
retval = 1
elif args[0] == "disable":
# We can't disable schema compat if the NIS plugin is enabled
try: try:
conn.get_entry(netgroup_compat_dn, normalize=False) entry = get_entry(compat_dn, conn)
print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
print >>sys.stderr, "Run 'ipa-nis-manage disable' first."
sys.exit(2)
except errors.NotFound:
pass
# Make a quick hack for now, directly delete the entries by name,
# In future we should add delete capabilites to LDAPUpdate
try:
conn.delete_entry('cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
except errors.NotFound:
print "Plugin is already disabled" print "Plugin is already disabled"
retval = 2 retval = 2
else:
print "Disabling plugin"
mod = {'nsslapd-pluginenabled': 'off'}
conn.update_entry(compat_dn, mod, normalize=False)
except errors.DatabaseError, dbe: except errors.DatabaseError, dbe:
print "An error occurred while talking to the server." print "An error occurred while talking to the server."
print dbe print dbe
@@ -166,6 +189,9 @@ def main():
else: else:
retval = 1 retval = 1
if retval == 0:
print "This setting will not take effect until you restart Directory Server."
finally: finally:
if conn and conn.isconnected(): if conn and conn.isconnected():
conn.disconnect() conn.disconnect()

2
install/tools/ipa-nis-manage
View File

@@ -131,7 +131,7 @@ def main():
if args[0] == "enable": if args[0] == "enable":
compat = get_entry(compat_dn, conn) compat = get_entry(compat_dn, conn)
if compat is None: if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable") sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
entry = None entry = None
try: try: