mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 00:41:25 -06:00
922062eb55
* ipca-ca-install: Use a single ldap connection for the entire
script. Connecting with ccache in promote is not needed.
* ipa-cacert-manage: Always connect to ldap, since renew and install
are the only options and renew seems to need ldap connection even
for self signed certificates.
* ipa-compat-manage: Use one ldap connection for the entire script.
Replaced try-finally with proper disconnect, code block reindented.
* ipa-csreplica-manage: Properly establish and close the ldap connection.
* ipa-dns-install: Proper connect, disconnect to ldap.
* ipa-kra-install: Proper connect/disconnect for install and uninstall.
* ipa-ldap-update: Proper connect and disconnect to ldap.
* ipa-nis-manage: Proper connect/disconnect for ldap. Try-finally removed
and code block reindented.
* ipa-replica-manage: Proper connect/disconnect to ldap.
* ipa-replica-prepare: Connect added to validate_options(), where api is
initialized and disconnected added at the end of run. Reconnect in
ask_for_options() to validate directory manager password.
* ipa-server-certinstall: Use api.Backend.ldap2 for ldap connections.
* ipa-server-upgrade: Connect to and disconnect from api.Backend.ldap2.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
191 lines
6.4 KiB
Python
Executable File
191 lines
6.4 KiB
Python
Executable File
#!/usr/bin/python2
|
|
# Authors: Rob Crittenden <rcritten@redhat.com>
|
|
# Authors: Simo Sorce <ssorce@redhat.com>
|
|
#
|
|
# Copyright (C) 2008-2016 Red Hat, Inc.
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
from __future__ import print_function
|
|
|
|
import sys
|
|
from ipaplatform.paths import paths
|
|
try:
|
|
from optparse import OptionParser
|
|
from ipapython import ipautil, config
|
|
from ipaserver.install import installutils
|
|
from ipaserver.install.ldapupdate import LDAPUpdate
|
|
from ipalib import api, errors
|
|
from ipapython.ipa_log_manager import standard_logging_setup
|
|
from ipapython.dn import DN
|
|
except ImportError as e:
|
|
print("""\
|
|
There was a problem importing one of the required Python modules. The
|
|
error was:
|
|
|
|
%s
|
|
""" % e, file=sys.stderr)
|
|
sys.exit(1)
|
|
|
|
compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
|
|
nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
|
|
|
|
def parse_options():
|
|
usage = "%prog [options] <enable|disable|status>\n"
|
|
usage += "%prog [options]\n"
|
|
parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
|
|
|
|
parser.add_option("-d", "--debug", action="store_true", dest="debug",
|
|
help="Display debugging information about the update(s)")
|
|
parser.add_option("-y", dest="password",
|
|
help="File containing the Directory Manager password")
|
|
|
|
config.add_standard_options(parser)
|
|
options, args = parser.parse_args()
|
|
|
|
config.init_config(options)
|
|
|
|
return options, args
|
|
|
|
def get_dirman_password():
|
|
"""Prompt the user for the Directory Manager password and verify its
|
|
correctness.
|
|
"""
|
|
password = installutils.read_password("Directory Manager", confirm=False, validate=False)
|
|
|
|
return password
|
|
|
|
def get_entry(dn):
|
|
"""
|
|
Return the entry for the given DN. If the entry is not found return
|
|
None.
|
|
"""
|
|
entry = None
|
|
try:
|
|
entry = api.Backend.ldap2.get_entry(dn)
|
|
except errors.NotFound:
|
|
pass
|
|
return entry
|
|
|
|
def main():
|
|
retval = 0
|
|
files = [paths.SCHEMA_COMPAT_ULDIF]
|
|
|
|
options, args = parse_options()
|
|
|
|
if len(args) != 1:
|
|
sys.exit("You must specify one action: enable | disable | status")
|
|
elif args[0] != "enable" and args[0] != "disable" and args[0] != "status":
|
|
sys.exit("Unrecognized action [" + args[0] + "]")
|
|
|
|
standard_logging_setup(None, debug=options.debug)
|
|
|
|
dirman_password = ""
|
|
if options.password:
|
|
pw = ipautil.template_file(options.password, [])
|
|
dirman_password = pw.strip()
|
|
else:
|
|
dirman_password = get_dirman_password()
|
|
if dirman_password is None:
|
|
sys.exit("Directory Manager password required")
|
|
|
|
api.bootstrap(context='cli', in_server=True, debug=options.debug)
|
|
api.finalize()
|
|
api.Backend.ldap2.connect()
|
|
|
|
if args[0] == "status":
|
|
entry = None
|
|
try:
|
|
entry = get_entry(compat_dn)
|
|
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
|
|
print("Plugin Enabled")
|
|
else:
|
|
print("Plugin Disabled")
|
|
except errors.LDAPError as lde:
|
|
print("An error occurred while talking to the server.")
|
|
print(lde)
|
|
|
|
if args[0] == "enable":
|
|
entry = None
|
|
try:
|
|
entry = get_entry(compat_dn)
|
|
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
|
|
print("Plugin already Enabled")
|
|
retval = 2
|
|
else:
|
|
print("Enabling plugin")
|
|
|
|
if entry is None:
|
|
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
|
|
if not ld.update(files):
|
|
print("Updating Directory Server failed.")
|
|
retval = 1
|
|
else:
|
|
entry['nsslapd-pluginenabled'] = ['on']
|
|
api.Backend.ldap2.update_entry(entry)
|
|
except errors.ExecutionError as lde:
|
|
print("An error occurred while talking to the server.")
|
|
print(lde)
|
|
retval = 1
|
|
|
|
elif args[0] == "disable":
|
|
entry = None
|
|
try:
|
|
entry = get_entry(nis_config_dn)
|
|
# We can't disable schema compat if the NIS plugin is enabled
|
|
if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
|
|
print("The NIS plugin is configured, cannot disable compatibility.", file=sys.stderr)
|
|
print("Run 'ipa-nis-manage disable' first.", file=sys.stderr)
|
|
retval = 2
|
|
except errors.ExecutionError as lde:
|
|
print("An error occurred while talking to the server.")
|
|
print(lde)
|
|
retval = 1
|
|
|
|
if retval == 0:
|
|
entry = None
|
|
try:
|
|
entry = get_entry(compat_dn)
|
|
if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
|
|
print("Plugin is already disabled")
|
|
retval = 2
|
|
else:
|
|
print("Disabling plugin")
|
|
|
|
entry['nsslapd-pluginenabled'] = ['off']
|
|
api.Backend.ldap2.update_entry(entry)
|
|
except errors.DatabaseError as dbe:
|
|
print("An error occurred while talking to the server.")
|
|
print(dbe)
|
|
retval = 1
|
|
except errors.ExecutionError as lde:
|
|
print("An error occurred while talking to the server.")
|
|
print(lde)
|
|
retval = 1
|
|
|
|
else:
|
|
retval = 1
|
|
|
|
if retval == 0:
|
|
print("This setting will not take effect until you restart Directory Server.")
|
|
|
|
api.Backend.ldap2.disconnect()
|
|
|
|
return retval
|
|
|
|
if __name__ == '__main__':
|
|
installutils.run_script(main, operation_name='ipa-compat-manage')
|