Configure nslcd and a host of possible systems that use LDAP.

We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf, /etc/libnss-ldap.conf and /etc/pam_ldap.conf. nslcd is the replacement for nss_ldap. ticket 50
2025-02-25 18:55:28 -06:00 · 2010-08-04 10:09:35 -04:00 · 2010-08-04 10:09:35 -04:00 · ea76d8c59a
commit ea76d8c59a
parent 49584d6efc
1 changed files with 53 additions and 9 deletions
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -31,7 +31,7 @@ try:
    import ipaclient.ipadiscovery
    import ipaclient.ipachangeconf
    import ipaclient.ntpconf
-    from ipapython.ipautil import run, user_input, CalledProcessError
+    from ipapython.ipautil import run, user_input, CalledProcessError, file_exists
    from ipapython import sysrestore
    from ipapython import version
    import SSSDConfig
@ -303,12 +303,51 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
        opts.append({'name':'nss_srv_domain', 'type':'option', 'value':cli_domain})

    opts.append({'name':'empty', 'type':'empty'})
-    try:
-        fstore.backup_file("/etc/ldap.conf")
-        ldapconf.newConf("/etc/ldap.conf", opts)
-    except Exception, e:
-        print "Creation of /etc/ldap.conf: " + str(e)
-        return 1
+
+    # Depending on the release and distribution this may exist in any
+    # number of different file names, update what we find
+    for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
+        if file_exists(filename):
+            try:
+                fstore.backup_file(filename)
+                ldapconf.newConf(filename, opts)
+            except Exception, e:
+                print "Creation of %s: %s" % (filename, str(e))
+                return 1
+
+    return 0
+
+def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+    nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+    nslcdconf.setOptionAssignment(" ")
+
+    opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
+            {'name':'empty', 'type':'empty'},
+            {'name':'ldap_version', 'type':'option', 'value':'3'},
+            {'name':'base', 'type':'option', 'value':cli_basedn},
+            {'name':'empty', 'type':'empty'},
+            {'name':'base passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+cli_basedn},
+            {'name':'base group', 'type':'option', 'value':'cn=groups,cn=accounts,'+cli_basedn},
+            {'name':'map group', 'type':'option', 'value':'uniqueMember member'},
+            {'name':'timelimit', 'type':'option', 'value':'15'},
+            {'name':'empty', 'type':'empty'}]
+    if not dnsok or options.force or options.on_master:
+        if options.on_master:
+            opts.append({'name':'uri', 'type':'option', 'value':'ldap://localhost'})
+        else:
+            opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+cli_server})
+    else:
+        opts.append({'name':'uri', 'type':'option', 'value':'DNS'})
+
+    opts.append({'name':'empty', 'type':'empty'})
+
+    if file_exists('/etc/nslcd.conf'):
+        try:
+            fstore.backup_file('/etc/nslcd.conf')
+            nslcdconf.newConf('/etc/nslcd.conf', opts)
+        except Exception, e:
+            print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
+            return 1

    return 0

@ -317,6 +356,9 @@ def hardcode_ldap_server(cli_server):
    DNS Discovery didn't return a valid IPA server, hardcode a value into
    the file instead.
    """
+    if not file_exists('/etc/ldap.conf'):
+        return
+
    ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
    ldapconf.setOptionAssignment(" ")

@ -537,7 +579,7 @@ def main():

    if not options.unattended:
        if options.principal is None and options.password is None and options.prompt_password is False:
-            options.principal = user_input("Principal", allow_empty=False)
+            options.principal = user_input("Enrollment principal", allow_empty=False)

    # Get the CA certificate
    try:
@ -628,7 +670,9 @@ def main():
    else:
        if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
            return 1
-        print "Configured /etc/ldap.conf"
+        if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+            return 1
+        print "Configured LDAP"

    # Add the CA to the default NSS database and trust it
    run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])