mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Only initialize the API once in the installer
Make the ldap2 plugin schema loader ignore SERVER_DOWN errors 525303
This commit is contained in:
parent
38a27b1c2f
commit
e4877c946f
@ -32,7 +32,6 @@ from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
|
||||
from ipaserver import ipaldap
|
||||
from ipapython import version
|
||||
from ipalib import api, util
|
||||
from ipalib.constants import DEFAULT_CONFIG
|
||||
|
||||
CACERT="/usr/share/ipa/html/ca.crt"
|
||||
|
||||
@ -134,14 +133,6 @@ def install_ca(config):
|
||||
# FIXME, need to pass along the CA plugin to use
|
||||
cafile = config.dir + "/ca.p12"
|
||||
|
||||
# Just initialize the environment. This is so the installer can have
|
||||
# access to the plugin environment
|
||||
api.env._bootstrap()
|
||||
default_config = dict(DEFAULT_CONFIG)
|
||||
if ipautil.file_exists(cafile):
|
||||
default_config['ra_plugin'] = 'dogtag'
|
||||
api.env._finalize_core(**default_config)
|
||||
|
||||
if not ipautil.file_exists(cafile):
|
||||
return None
|
||||
|
||||
@ -320,6 +311,14 @@ def main():
|
||||
except ldap.INVALID_CREDENTIALS, e :
|
||||
sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
|
||||
|
||||
if ipautil.file_exists(config.dir + "/ca.p12"):
|
||||
ca_type = 'dogtag'
|
||||
else:
|
||||
ca_type = 'selfsign'
|
||||
|
||||
api.bootstrap(in_server=True, ra_plugin=ca_type)
|
||||
api.finalize()
|
||||
|
||||
# Install CA cert so that we can do SSL connections with ldap
|
||||
install_ca_cert(config)
|
||||
|
||||
@ -379,9 +378,6 @@ def main():
|
||||
service.restart("krb5kdc")
|
||||
|
||||
if options.setup_dns:
|
||||
# First bootstrap the plug-in framework
|
||||
api.bootstrap(in_server=True)
|
||||
api.finalize()
|
||||
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
|
||||
bind_pw=config.dirman_password)
|
||||
|
||||
|
@ -52,7 +52,6 @@ from ipaserver.install.installutils import *
|
||||
from ipapython import sysrestore
|
||||
from ipapython.ipautil import *
|
||||
from ipalib import api, util
|
||||
from ipalib.constants import DEFAULT_CONFIG
|
||||
|
||||
pw_name = None
|
||||
|
||||
@ -402,14 +401,6 @@ def main():
|
||||
signal.signal(signal.SIGTERM, signal_handler)
|
||||
signal.signal(signal.SIGINT, signal_handler)
|
||||
|
||||
# Just initialize the environment. This is so the installer can have
|
||||
# access to the plugin environment
|
||||
api.env._bootstrap()
|
||||
default_config = dict(DEFAULT_CONFIG)
|
||||
if options.ca:
|
||||
default_config['ra_plugin'] = 'dogtag'
|
||||
api.env._finalize_core(**default_config)
|
||||
|
||||
if options.uninstall:
|
||||
standard_logging_setup("/var/log/ipaserver-uninstall.log", options.debug)
|
||||
else:
|
||||
@ -419,6 +410,14 @@ def main():
|
||||
global fstore
|
||||
fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
|
||||
|
||||
if options.ca:
|
||||
ca_type = 'dogtag'
|
||||
else:
|
||||
ca_type = 'selfsign'
|
||||
|
||||
api.bootstrap(in_server=True, ra_plugin=ca_type)
|
||||
api.finalize()
|
||||
|
||||
if options.uninstall:
|
||||
if not options.unattended:
|
||||
print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n"
|
||||
@ -712,9 +711,6 @@ def main():
|
||||
bind = bindinstance.BindInstance(fstore, dm_password)
|
||||
bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
|
||||
if options.setup_dns:
|
||||
# First bootstrap the plug-in framework
|
||||
api.bootstrap(in_server=True)
|
||||
api.finalize()
|
||||
api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
|
||||
|
||||
bind.create_instance()
|
||||
|
@ -60,9 +60,12 @@ class ra(rabase.rabase):
|
||||
self.ipa_key_size = "2048"
|
||||
self.ipa_certificate_nickname = "ipaCert"
|
||||
self.ca_certificate_nickname = "caCert"
|
||||
try:
|
||||
f = open(self.pwd_file, "r")
|
||||
self.password = f.readline().strip()
|
||||
f.close()
|
||||
except IOError:
|
||||
self.password = ''
|
||||
super(ra, self).__init__()
|
||||
|
||||
def _request(self, url, **kw):
|
||||
|
@ -121,12 +121,15 @@ def _get_url(host, port, using_cacert=False):
|
||||
|
||||
# retrieves LDAP schema from server
|
||||
def _load_schema(url):
|
||||
global _schema
|
||||
try:
|
||||
conn = _ldap.initialize(url)
|
||||
# assume anonymous access is enabled
|
||||
conn.simple_bind_s('', '')
|
||||
schema_entry = conn.search_s('cn=schema', _ldap.SCOPE_BASE)[0]
|
||||
conn.unbind_s()
|
||||
except _ldap.SERVER_DOWN:
|
||||
return None
|
||||
except _ldap.LDAPError, e:
|
||||
# TODO: raise a more appropriate exception
|
||||
_handle_errors(e, **{})
|
||||
@ -142,8 +145,9 @@ def _load_schema(url):
|
||||
_schema = _load_schema(api.env.ldap_uri)
|
||||
|
||||
def _get_syntax(attr, value):
|
||||
schema = api.Backend.ldap2._schema
|
||||
obj = schema.get_obj(_ldap.schema.AttributeType, attr)
|
||||
global _schema
|
||||
|
||||
obj = _schema.get_obj(_ldap.schema.AttributeType, attr)
|
||||
if obj is not None:
|
||||
return obj.syntax
|
||||
else:
|
||||
@ -176,7 +180,6 @@ class ldap2(CrudBackend, Encoder):
|
||||
self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
|
||||
self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
|
||||
self._ldapuri = api.env.ldap_uri
|
||||
self._schema = _schema
|
||||
CrudBackend.__init__(self)
|
||||
|
||||
def __del__(self):
|
||||
@ -204,12 +207,13 @@ class ldap2(CrudBackend, Encoder):
|
||||
|
||||
Extends backend.Connectible.create_connection.
|
||||
"""
|
||||
global _schema
|
||||
if ldapuri is not None:
|
||||
self._ldapuri = ldapuri
|
||||
|
||||
# if we don't have this server's schema cached, do it now
|
||||
if self._ldapuri != api.env.ldap_uri:
|
||||
self._schema = _load_schema(self._ldapuri)
|
||||
if self._ldapuri != api.env.ldap_uri or _schema is None:
|
||||
_schema = _load_schema(self._ldapuri)
|
||||
|
||||
if tls_cacertfile is not None:
|
||||
_ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile)
|
||||
@ -304,9 +308,10 @@ class ldap2(CrudBackend, Encoder):
|
||||
preferred_names -- list of preferred synomyms or None for defaults
|
||||
(default None)
|
||||
"""
|
||||
global _schema
|
||||
if preferred_names:
|
||||
for n in preferred_names:
|
||||
attr = self._schema.get_obj(_ldap.schema.AttributeType, n)
|
||||
attr = _schema.get_obj(_ldap.schema.AttributeType, n)
|
||||
synonyms = [v.lower() for v in attr.names]
|
||||
synonyms.remove(n)
|
||||
for s in synonyms:
|
||||
@ -315,7 +320,7 @@ class ldap2(CrudBackend, Encoder):
|
||||
del entry_attrs[s]
|
||||
else:
|
||||
for (k, v) in entry_attrs.items():
|
||||
attr = self._schema.get_obj(_ldap.schema.AttributeType, k)
|
||||
attr = _schema.get_obj(_ldap.schema.AttributeType, k)
|
||||
synonyms = [v.lower() for v in attr.names]
|
||||
preferred_name = synonyms[0]
|
||||
if k in synonyms[1:]:
|
||||
@ -492,8 +497,9 @@ class ldap2(CrudBackend, Encoder):
|
||||
return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
|
||||
|
||||
def get_schema(self):
|
||||
global _schema
|
||||
"""Returns a copy of the current LDAP schema."""
|
||||
return copy.deepcopy(self._schema)
|
||||
return copy.deepcopy(_schema)
|
||||
|
||||
@encode_args(1, 2)
|
||||
def get_effective_rights(self, dn, entry_attrs):
|
||||
|
Loading…
Reference in New Issue
Block a user