Add some error handling for LDAP connection issues

Verify the DM password earlier in the process

433368

ipa-server/ipa-install/ipa-replica-install

@@ -22,11 +22,12 @@ import sys
 
 import tempfile, os, pwd, traceback, logging, shutil
 from ConfigParser import SafeConfigParser
+import ldap
 
 from ipa import ipautil
 
 from ipaserver import dsinstance, replication, installutils, krbinstance, service
-from ipaserver import httpinstance, ntpinstance, certs
+from ipaserver import httpinstance, ntpinstance, certs, ipaldap
 
 class ReplicaConfig:
     def __init__(self):
@@ -141,14 +142,33 @@ def main():
     config.dir = dir
 
     # get the directory manager password
-    config.dirman_password = get_dirman_password()
+    try:
+        config.dirman_password = get_dirman_password()
+    except KeyboardInterrupt:
+        sys.exit(0)
+
+    # Try out the password
+    try:
+        conn = ipaldap.IPAdmin(config.master_host_name)
+        conn.do_simple_bind(bindpw=config.dirman_password)
+        conn.unbind()
+    except ldap.CONNECT_ERROR, e:
+        sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
+    except ldap.SERVER_DOWN, e:
+        sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
+    except ldap.INVALID_CREDENTIALS, e :
+        sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
     install_ds(config)
     
     repl = replication.ReplicationManager(config.host_name, config.dirman_password)
+    if repl is None:
+        raise RuntimeError("Unable to connect to LDAP server %s." % config.host_name)
     ret = repl.setup_replication(config.master_host_name, config.realm_name)
+    if ret is None:
+        raise RuntimeError("Unable to connect to LDAP server %s." % config.master_host_name)
     if ret != 0:
-        raise RuntimeError("failed to start replication")
+        raise RuntimeError("Failed to start replication")
 
     install_krb(config)
     install_http(config)

ipa-server/ipaserver/replication.py

@@ -31,8 +31,13 @@ class ReplicationManager:
     def __init__(self, hostname, dirman_passwd):
         self.hostname = hostname
         self.dirman_passwd = dirman_passwd
-        self.conn = ipaldap.IPAdmin(hostname)
-        self.conn.do_simple_bind(bindpw=dirman_passwd)
+        try:
+            self.conn = ipaldap.IPAdmin(hostname)
+            self.conn.do_simple_bind(bindpw=dirman_passwd)
+        except ldap.CONNECT_ERROR, e:
+            return None
+        except ldap.SERVER_DOWN, e:
+            return None
 
         self.repl_man_passwd = dirman_passwd
 
@@ -270,7 +275,6 @@ class ReplicationManager:
 
         return done, hasError
 
-
     def wait_for_repl_init(self, conn, agmtdn):
         done = False
         haserror = 0
@@ -288,7 +292,6 @@ class ReplicationManager:
 
         return self.wait_for_repl_init(other_conn, dn)
         
-
     def basic_replication_setup(self, conn, replica_id):
         self.add_replication_manager(conn)
         self.local_replica_config(conn, replica_id)
@@ -300,8 +303,14 @@ class ReplicationManager:
            - the directory manager password needs to be the same on
              both directories.
         """
-        other_conn = ipaldap.IPAdmin(other_hostname)
-        other_conn.do_simple_bind(bindpw=self.dirman_passwd)
+        try:
+            other_conn = ipaldap.IPAdmin(other_hostname)
+            other_conn.do_simple_bind(bindpw=self.dirman_passwd)
+        except ldap.CONNECT_ERROR, e:
+            return None
+        except ldap.SERVER_DOWN, e:
+            return None
+
         self.suffix = ipaldap.IPAdmin.normalizeDN(dsinstance.realm_to_suffix(realm_name))
 
         self.basic_replication_setup(self.conn, 1)
@@ -311,6 +320,3 @@ class ReplicationManager:
         self.setup_agreement(self.conn, other_conn)
         
         return self.start_replication(other_conn)
-        
-        
-