Only initialize the API once in the installer
Make the ldap2 plugin schema loader ignore SERVER_DOWN errors 525303
parent
38a27b1c2f
commit
e4877c946f
@ -32,7 +32,6 @@ from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
|
|||||||
from ipaserver import ipaldap
|
from ipaserver import ipaldap
|
||||||
from ipapython import version
|
from ipapython import version
|
||||||
from ipalib import api, util
|
from ipalib import api, util
|
||||||
from ipalib.constants import DEFAULT_CONFIG
|
|
||||||
|
|
||||||
CACERT="/usr/share/ipa/html/ca.crt"
|
CACERT="/usr/share/ipa/html/ca.crt"
|
||||||
|
|
||||||
@ -134,14 +133,6 @@ def install_ca(config):
|
|||||||
# FIXME, need to pass along the CA plugin to use
|
# FIXME, need to pass along the CA plugin to use
|
||||||
cafile = config.dir + "/ca.p12"
|
cafile = config.dir + "/ca.p12"
|
||||||
|
|
||||||
# Just initialize the environment. This is so the installer can have
|
|
||||||
# access to the plugin environment
|
|
||||||
api.env._bootstrap()
|
|
||||||
default_config = dict(DEFAULT_CONFIG)
|
|
||||||
if ipautil.file_exists(cafile):
|
|
||||||
default_config['ra_plugin'] = 'dogtag'
|
|
||||||
api.env._finalize_core(**default_config)
|
|
||||||
|
|
||||||
if not ipautil.file_exists(cafile):
|
if not ipautil.file_exists(cafile):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@ -320,6 +311,14 @@ def main():
|
|||||||
except ldap.INVALID_CREDENTIALS, e :
|
except ldap.INVALID_CREDENTIALS, e :
|
||||||
sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
|
sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
|
||||||
|
|
||||||
|
if ipautil.file_exists(config.dir + "/ca.p12"):
|
||||||
|
ca_type = 'dogtag'
|
||||||
|
else:
|
||||||
|
ca_type = 'selfsign'
|
||||||
|
|
||||||
|
api.bootstrap(in_server=True, ra_plugin=ca_type)
|
||||||
|
api.finalize()
|
||||||
|
|
||||||
# Install CA cert so that we can do SSL connections with ldap
|
# Install CA cert so that we can do SSL connections with ldap
|
||||||
install_ca_cert(config)
|
install_ca_cert(config)
|
||||||
|
|
||||||
@ -379,9 +378,6 @@ def main():
|
|||||||
service.restart("krb5kdc")
|
service.restart("krb5kdc")
|
||||||
|
|
||||||
if options.setup_dns:
|
if options.setup_dns:
|
||||||
# First bootstrap the plug-in framework
|
|
||||||
api.bootstrap(in_server=True)
|
|
||||||
api.finalize()
|
|
||||||
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
|
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
|
||||||
bind_pw=config.dirman_password)
|
bind_pw=config.dirman_password)
|
||||||
|
|
||||||
|
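Review bot: The CA type is now decided twice from the same filesystem probe: main() tests `config.dir + "/ca.p12"` to pick `ca_type`, and install_ca() (whose body continues outside the hunk) re-tests the identical `cafile` path to decide whether to return early, so the two can drift apart. Compute it once, e.g. `ca_type = 'dogtag' if ipautil.file_exists(config.dir + "/ca.p12") else 'selfsign'`, and let install_ca consult the value handed to `api.bootstrap(..., ra_plugin=ca_type)` (presumably exposed as `api.env.ra_plugin` — confirm) instead of re-probing the disk. The removed block carried the only comment explaining why the framework is initialized in the installer; put one back above the bootstrap call, e.g. `# Bootstrap the plugin framework exactly once for the whole install; the DNS step below reuses it.` Whether api.bootstrap tolerates a second call is not visible here, so stating the single-call intent in that comment is worthwhile.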
@ -52,7 +52,6 @@ from ipaserver.install.installutils import *
|
|||||||
from ipapython import sysrestore
|
from ipapython import sysrestore
|
||||||
from ipapython.ipautil import *
|
from ipapython.ipautil import *
|
||||||
from ipalib import api, util
|
from ipalib import api, util
|
||||||
from ipalib.constants import DEFAULT_CONFIG
|
|
||||||
|
|
||||||
pw_name = None
|
pw_name = None
|
||||||
|
|
||||||
@ -402,14 +401,6 @@ def main():
|
|||||||
signal.signal(signal.SIGTERM, signal_handler)
|
signal.signal(signal.SIGTERM, signal_handler)
|
||||||
signal.signal(signal.SIGINT, signal_handler)
|
signal.signal(signal.SIGINT, signal_handler)
|
||||||
|
|
||||||
# Just initialize the environment. This is so the installer can have
|
|
||||||
# access to the plugin environment
|
|
||||||
api.env._bootstrap()
|
|
||||||
default_config = dict(DEFAULT_CONFIG)
|
|
||||||
if options.ca:
|
|
||||||
default_config['ra_plugin'] = 'dogtag'
|
|
||||||
api.env._finalize_core(**default_config)
|
|
||||||
|
|
||||||
if options.uninstall:
|
if options.uninstall:
|
||||||
standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
|
standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
|
||||||
else:
|
else:
|
||||||
@ -419,6 +410,14 @@ def main():
|
|||||||
global fstore
|
global fstore
|
||||||
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
|
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
|
||||||
|
|
||||||
|
if options.ca:
|
||||||
|
ca_type = 'dogtag'
|
||||||
|
else:
|
||||||
|
ca_type = 'selfsign'
|
||||||
|
|
||||||
|
api.bootstrap(in_server=True, ra_plugin=ca_type)
|
||||||
|
api.finalize()
|
||||||
|
|
||||||
if options.uninstall:
|
if options.uninstall:
|
||||||
if not options.unattended:
|
if not options.unattended:
|
||||||
print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n"
|
print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n"
|
||||||
@ -712,9 +711,6 @@ def main():
|
|||||||
bind = bindinstance.BindInstance(fstore, dm_password)
|
bind = bindinstance.BindInstance(fstore, dm_password)
|
||||||
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
|
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
|
||||||
if options.setup_dns:
|
if options.setup_dns:
|
||||||
# First bootstrap the plug-in framework
|
|
||||||
api.bootstrap(in_server=True)
|
|
||||||
api.finalize()
|
|
||||||
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
|
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
|
||||||
|
|
||||||
bind.create_instance()
|
bind.create_instance()
|
||||||
|
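Review bot: The bootstrap now runs before the `if options.uninstall:` branch, so `--uninstall` also finalizes the full in-server plugin set with an `ra_plugin` chosen from the command-line `--ca` flag rather than from what is actually installed on the host; if uninstall does not need the RA, leave ra_plugin at its default on that path, and if it does, derive `ca_type` from installed state rather than from the flag. The same four-line `if options.ca: ... else: ...` selection is repeated in ipa-replica-install; `ca_type = 'dogtag' if options.ca else 'selfsign'` reads better and keeps the two scripts in step. A why-comment was lost with the removed block; add `# Initialize the API exactly once here; later stages (DNS setup) reuse it.` above `api.bootstrap(...)`.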
@ -60,9 +60,12 @@ class ra(rabase.rabase):
|
|||||||
self.ipa_key_size = "2048"
|
self.ipa_key_size = "2048"
|
||||||
self.ipa_certificate_nickname = "ipaCert"
|
self.ipa_certificate_nickname = "ipaCert"
|
||||||
self.ca_certificate_nickname = "caCert"
|
self.ca_certificate_nickname = "caCert"
|
||||||
|
try:
|
||||||
f = open(self.pwd_file, "r")
|
f = open(self.pwd_file, "r")
|
||||||
self.password = f.readline().strip()
|
self.password = f.readline().strip()
|
||||||
f.close()
|
f.close()
|
||||||
|
except IOError:
|
||||||
|
self.password = ''
|
||||||
super(ra, self).__init__()
|
super(ra, self).__init__()
|
||||||
|
|
||||||
def _request(self, url, **kw):
|
def _request(self, url, **kw):
|
||||||
|
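Review bot: The new `except IOError:` around the password read turns any failure to read `self.pwd_file` — including a permission error on a file that does exist — into an empty RA password, so a misconfigured agent file will surface later as an opaque authentication failure against the CA instead of at plugin load. Narrow it to the missing-file case and keep everything else fatal: `except IOError, e:` / `    if e.errno != errno.ENOENT: raise` / `    self.password = ''` (this needs `errno` imported; the module's import block is outside the hunk). Also, if `f.readline()` raises, `f` is never closed because the close sits inside the try; `with open(self.pwd_file, "r") as f:` removes that. A one-line comment stating why an absent file is acceptable here (presumably the installer writes it after the plugin is first loaded — confirm) would help the next reader.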
@ -121,12 +121,15 @@ def _get_url(host, port, using_cacert=False):
|
|||||||
|
|
||||||
# retrieves LDAP schema from server
|
# retrieves LDAP schema from server
|
||||||
def _load_schema(url):
|
def _load_schema(url):
|
||||||
|
global _schema
|
||||||
try:
|
try:
|
||||||
conn = _ldap.initialize(url)
|
conn = _ldap.initialize(url)
|
||||||
# assume anonymous access is enabled
|
# assume anonymous access is enabled
|
||||||
conn.simple_bind_s('', '')
|
conn.simple_bind_s('', '')
|
||||||
schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0]
|
schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0]
|
||||||
conn.unbind_s()
|
conn.unbind_s()
|
||||||
|
except _ldap.SERVER_DOWN:
|
||||||
|
return None
|
||||||
except _ldap.LDAPError, e:
|
except _ldap.LDAPError, e:
|
||||||
# TODO: raise a more appropriate exception
|
# TODO: raise a more appropriate exception
|
||||||
_handle_errors(e, **{})
|
_handle_errors(e, **{})
|
||||||
@ -142,8 +145,9 @@ def _load_schema(url):
|
|||||||
_schema = _load_schema(api.env.ldap_uri)
|
_schema = _load_schema(api.env.ldap_uri)
|
||||||
|
|
||||||
def _get_syntax(attr, value):
|
def _get_syntax(attr, value):
|
||||||
schema = api.Backend.ldap2._schema
|
global _schema
|
||||||
obj = schema.get_obj(_ldap.schema.AttributeType, attr)
|
|
||||||
|
obj = _schema.get_obj(_ldap.schema.AttributeType, attr)
|
||||||
if obj is not None:
|
if obj is not None:
|
||||||
return obj.syntax
|
return obj.syntax
|
||||||
else:
|
else:
|
||||||
@ -176,7 +180,6 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
|
self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
|
||||||
self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
|
self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
|
||||||
self._ldapuri = api.env.ldap_uri
|
self._ldapuri = api.env.ldap_uri
|
||||||
self._schema = _schema
|
|
||||||
CrudBackend.__init__(self)
|
CrudBackend.__init__(self)
|
||||||
|
|
||||||
def __del__(self):
|
def __del__(self):
|
||||||
@ -204,12 +207,13 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
|
|
||||||
Extends backend.Connectible.create_connection.
|
Extends backend.Connectible.create_connection.
|
||||||
"""
|
"""
|
||||||
|
global _schema
|
||||||
if ldapuri is not None:
|
if ldapuri is not None:
|
||||||
self._ldapuri = ldapuri
|
self._ldapuri = ldapuri
|
||||||
|
|
||||||
# if we don't have this server's schema cached, do it now
|
# if we don't have this server's schema cached, do it now
|
||||||
if self._ldapuri != api.env.ldap_uri:
|
if self._ldapuri != api.env.ldap_uri or _schema is None:
|
||||||
self._schema = _load_schema(self._ldapuri)
|
_schema = _load_schema(self._ldapuri)
|
||||||
|
|
||||||
if tls_cacertfile is not None:
|
if tls_cacertfile is not None:
|
||||||
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
|
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
|
||||||
@ -304,9 +308,10 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
preferred_names -- list of preferred synomyms or None for defaults
|
preferred_names -- list of preferred synomyms or None for defaults
|
||||||
(default None)
|
(default None)
|
||||||
"""
|
"""
|
||||||
|
global _schema
|
||||||
if preferred_names:
|
if preferred_names:
|
||||||
for n in preferred_names:
|
for n in preferred_names:
|
||||||
attr = self._schema.get_obj(_ldap.schema.AttributeType, n)
|
attr = _schema.get_obj(_ldap.schema.AttributeType, n)
|
||||||
synonyms = [v.lower() for v in attr.names]
|
synonyms = [v.lower() for v in attr.names]
|
||||||
synonyms.remove(n)
|
synonyms.remove(n)
|
||||||
for s in synonyms:
|
for s in synonyms:
|
||||||
@ -315,7 +320,7 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
del entry_attrs[s]
|
del entry_attrs[s]
|
||||||
else:
|
else:
|
||||||
for (k, v) in entry_attrs.items():
|
for (k, v) in entry_attrs.items():
|
||||||
attr = self._schema.get_obj(_ldap.schema.AttributeType, k)
|
attr = _schema.get_obj(_ldap.schema.AttributeType, k)
|
||||||
synonyms = [v.lower() for v in attr.names]
|
synonyms = [v.lower() for v in attr.names]
|
||||||
preferred_name = synonyms[0]
|
preferred_name = synonyms[0]
|
||||||
if k in synonyms[1:]:
|
if k in synonyms[1:]:
|
||||||
@ -492,8 +497,9 @@ class ldap2(CrudBackend, Encoder):
|
|||||||
return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
|
return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
|
||||||
|
|
||||||
def get_schema(self):
|
def get_schema(self):
|
||||||
|
global _schema
|
||||||
"""Returns a copy of the current LDAP schema."""
|
"""Returns a copy of the current LDAP schema."""
|
||||||
return copy.deepcopy(self._schema)
|
return copy.deepcopy(_schema)
|
||||||
|
|
||||||
@encode_args(1, 2)
|
@encode_args(1, 2)
|
||||||
def get_effective_rights(self, dn, entry_attrs):
|
def get_effective_rights(self, dn, entry_attrs):
|
||||||
|
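Review bot: `_load_schema` now returns None on SERVER_DOWN, but nothing downstream checks for it: `_get_syntax` (`_schema.get_obj(...)`), both loops in the preferred-names method (its def is outside the hunk), and `get_schema` (`copy.deepcopy(None)` quietly returns None) all dereference the global unconditionally. `create_connection` does retry the load when `_schema is None`, but if that retry also hits SERVER_DOWN it continues to open the connection with no schema and the first decoded attribute raises AttributeError far from the cause. After `_schema = _load_schema(self._ldapuri)` in create_connection add `if _schema is None:` followed by raising whatever error `_handle_errors` maps SERVER_DOWN to (not visible in this hunk) — swallowing the error is only appropriate at import time, never at connect time. Separately, in `get_schema` the `global _schema` line now precedes the string literal, so it is no longer the method's docstring; move the `global` below it, or drop it from `get_schema`, `_get_syntax` and the preferred-names method altogether since it is only needed where the global is assigned.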