freeipa/ipaserver/plugins
Florence Blanc-Renaud 911992b8bf ipa-adtrust-install: run remote configuration for new agents
When ipa-adtrust-install is run, the tool detects masters that are
not enabled as trust agents and propose to configure them. With the
current code, the Schema Compat plugin is not enabled on these new
trust agents and a manual restart of LDAP server + SSSD is required.

With this commit, ipa-adtrust-install now calls remote code on the new
agents through JSON RPC api, in order to configure the missing parts.
On the remote agent, the command is using DBus and oddjob to launch
a new command,
/usr/libexec/ipa/oddjob/org.freeipa.server.trust-enable-agent [--enable-compat]
This command configures the Schema Compat plugin if --enable-compat is
provided, then restarts LDAP server and SSSD.

If the remote agent is an older version and does not support remote
enablement, or if the remote server is not responding, the tool
ipa-adtrust-install prints a WARNING explaining the steps that need
to be manually executed in order to complete the installation, and
exits successfully (keeping the current behavior).

Fixes: https://pagure.io/freeipa/issue/7600
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-03-05 14:40:58 +01:00
..
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
automember.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py Allow presence of LDAP attribute options 2019-11-21 11:13:12 -05:00
baseuser.py Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10 12:33:21 +03:00
batch.py CVE-2019-10195: Don't log passwords embedded in commands in calls using batch 2019-11-26 15:24:20 +02:00
ca.py Handle missing LWCA certificate or chain 2019-06-18 10:36:24 +10:00
caacl.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
cert.py Adapt cert-find performance workaround for users 2019-04-09 09:13:27 +02:00
certmap.py certmap rules: altSecurityIdentities should only be used for trusted domains 2019-07-17 17:50:07 +03:00
certprofile.py Sprinkle raw strings across the code base 2018-09-27 10:23:03 +02:00
config.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
delegation.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
dns.py dnsrecord: Treat empty list arguments correctly 2020-02-14 09:42:52 +02:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
domainlevel.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
group.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc* labels 2020-02-24 15:02:24 +01:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
host.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
hostgroup.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
idrange.py Fix typo in idrange.py docstring 2020-02-14 09:48:50 +02:00
idviews.py Resolve user/group names in idoverride*-find 2018-12-07 11:39:23 +01:00
internal.py Part2: Don't fully quality the FQDN in ssbrowser.html for Chrome 2020-02-24 15:06:04 +01:00
join.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
krbtpolicy.py Reset per-indicator Kerberos policy 2019-12-18 14:16:33 +01:00
ldap2.py Optimize user-add by caching ldap2.has_upg() 2019-12-05 15:07:57 +01:00
location.py Fix div-by-zero when svc weight is 0 for all masters in location 2020-02-26 13:42:10 -05:00
migration.py Allow insecure binds for migration 2019-08-13 18:43:58 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
privilege.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
pwpolicy.py Fix translation of commands description in API Browser 2018-06-12 08:38:56 +02:00
rabase.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
radiusproxy.py radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
realmdomains.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
role.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
schema.py Fix translation of commands description in API Browser 2018-06-12 08:38:56 +02:00
selfservice.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
selinuxusermap.py Make use of single configuration point for SELinux 2019-07-01 14:44:57 +03:00
server.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
serverrole.py Add hidden replica feature 2019-03-28 17:57:58 +01:00
serverroles.py Improve config-show to show hidden servers 2019-03-28 17:57:58 +01:00
service.py Extend the list of supported pre-auth mechanisms in IPA server API 2019-09-10 12:33:21 +03:00
servicedelegation.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
session.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
stageuser.py stageuser-find: fix search with non-posix user 2019-06-25 11:02:59 -04:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Convert members into types in sudorule-*-option 2018-08-15 12:52:52 +02:00
topology.py domainlevel-get: fix various issues when running as non-admin 2019-03-25 09:48:31 +01:00
trust.py ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
user.py ipa user_add: do not check group if UPG is disabled 2019-09-27 15:33:15 +02:00
vault.py Consolidate container_masters queries 2019-03-28 00:21:00 +01:00
virtual.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00