Run the LDAP updater at the end of the installation process.

Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y <password_file>, so we don't have to pass it on the command-line.
2025-02-25 18:55:28 -06:00 · 2008-09-15 18:15:12 -04:00 · 2008-09-15 18:15:12 -04:00 · f736253b93
commit f736253b93
parent aa8c4a53bf
4 changed files with 36 additions and 1 deletions
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@ -540,6 +540,11 @@ def main():
    else:
        bind.create_sample_bind_zone()

+    # Apply any LDAP updates. Needs to be done after the configuration file
+    # is created
+    service.print_msg("Applying LDAP updates")
+    ds.apply_updates()
+
    # Restart ds and krb after configurations have been changed
    service.print_msg("restarting the directory server")
    ds.restart()
--- a/ipa-server/ipa-ldap-updater
+++ b/ipa-server/ipa-ldap-updater
@ -69,6 +69,8 @@ def parse_options():
                      help="Display debugging information about the update(s)")
    parser.add_option("-t", "--test", action="store_true", dest="test",
                      help="Run through the update without changing anything")
+    parser.add_option("-y", dest="password",
+                      help="File containing the Directory Manager password")

    config.add_standard_options(parser)
    options, args = parser.parse_args()
@ -565,6 +567,11 @@ def main():
                 "DOMAIN" : domain, "SUFFIX" : suffix,
                 "LIBARCH" : libarch, "TIME" : int(time.time()) }

+    dirman_password = ""
+    if options.password:
+        pw = read_file(options.password)
+        dirman_password = pw[0].strip()
+    else:
        dirman_password = get_dirman_password(fqdn)

    files=[]
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@ -304,6 +304,26 @@ class DsInstance(service.Service):
    def init_memberof(self):
        self.__ldap_mod("memberof-task.ldif", self.sub_dict)

+    def apply_updates(self):
+        """Run the ipa-ldap-updater tool. Needs to be run after the
+           configuration file /etc/ipa/ipa.conf has been created.
+        """
+        [pw_fd, pw_name] = tempfile.mkstemp()
+        os.write(pw_fd, self.dm_password)
+        os.close(pw_fd)
+
+        try:
+            args = ["/usr/sbin/ipa-ldap-updater",
+                    "-y", pw_name]
+            try:
+                ipautil.run(args)
+                logging.debug("Updates applied")
+            except ipautil.CalledProcessError, e:
+                print "Unable to apply updates", e
+                logging.debug("Unable to apply updates%s" % e)
+        finally:
+            os.remove(pw_name)
+
    def __add_referint_module(self):
        self.__ldap_mod("referint-conf.ldif")

--- a/ipa-server/man/ipa-ldap-updater.1
+++ b/ipa-server/man/ipa-ldap-updater.1
@ -67,6 +67,9 @@ Enable debug logging when more verbose output is needed
 .TP 
 \fB\-t\fR, \fB\-\-test\fR
 Run through the update without changing anything
+.TP 
+\fB\-y\fR
+File containing the Directory Manager password
 .SH "EXIT STATUS"
 0 if the command was successful