freeipa/install/oddjob/org.freeipa.server.config-enable-sid.in
Florence Blanc-Renaud ed001c97ee ipa config: add --enable-sid option
Add new options to ipa config-mod that allow enabling
SID generation on upgraded servers:
ipa config-mod --enable-sid --add-sids --netbios-name NAME

The new option uses Dbus to launch an oddjob command,
org.freeipa.server.config-enable-sid
that runs the installation steps related to SID generation.

--add-sids is optional and triggers the sid generation task that
populates SID for existing users / groups.
--netbios-name is optional and allows to specify the NetBIOS Name.
When not provided, the NetBIOS name is generated based on the leading
component of the DNS domain name.

This command can be run multiple times.

Fixes: https://pagure.io/freeipa/issue/8995
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-11-02 10:11:28 +01:00


#!/usr/bin/python3
#
# Copyright (C) 2021 FreeIPA Contributors see COPYING for license
#
import logging
from ipalib import api
from ipalib.install import sysrestore
from ipaplatform.paths import paths
from ipapython import ipaldap
from ipapython.admintool import AdminTool
from ipaserver.install import adtrust, adtrustinstance
# Module-level logger named after this module. Nothing in the code shown in
# this file logs through it directly.
logger = logging.getLogger(__name__)
class IPAConfigEnableSid(AdminTool):
    """Command-line helper that enables SID generation on this IPA server.

    The tool configures an ``ADTRUSTInstance`` with the default RID bases and
    runs its instance creation steps, optionally adding SIDs to existing
    users and groups.

    Security notes for reviewers:

    * ``validate_options`` asks the base class to require root, so everything
      in ``run`` executes with full privileges on the server.
    * The values of ``--netbios-name`` and ``--reset-netbios-name`` are passed
      to ``ADTRUSTInstance.setup()`` exactly as received; this file does not
      validate them.
      NOTE(review): confirm that the caller (the ``ipa config-mod`` code path
      that launches this helper) validates the NetBIOS name, for example with
      ``adtrustinstance.check_netbios_name``, before it reaches this script.
    * NOTE(review): who may trigger this helper is decided by the oddjob /
      D-Bus policy that ships alongside it, which is not visible here.
    """

    command_name = "ipa-enable-sid"
    log_file_name = paths.IPASERVER_ENABLESID_LOG
    usage = "%prog"
    description = "Enable SID generation"

    @classmethod
    def add_options(cls, parser):
        """Register the tool's options on top of the base class options.

        Args:
            parser: option parser supplied by the ``AdminTool`` machinery.
        """
        super().add_options(parser)

        # Boolean switch: populate SIDs for pre-existing entries as a last step.
        parser.add_option(
            "--add-sids",
            action="store_true",
            dest="add_sids",
            default=False,
            help="Add SIDs for existing users and groups as the final step",
        )
        # Free-form string; None means the caller did not supply a name.
        parser.add_option(
            "--netbios-name",
            dest="netbios_name",
            default=None,
            help="NetBIOS name of the IPA domain",
        )
        # Boolean switch: overwrite a NetBIOS name that is already set.
        parser.add_option(
            "--reset-netbios-name",
            action="store_true",
            dest="reset_netbios_name",
            default=False,
            help="Force reset of the existing NetBIOS name",
        )

    def validate_options(self):
        """Run the base class validation, requiring the caller to be root."""
        super().validate_options(needs_root=True)

    def run(self):
        """Configure and create the AD trust instance that generates SIDs.

        Returns:
            0 once ``create_instance()`` has completed. Exceptions raised by
            any step propagate after the LDAP connection is closed.
        """
        opts = self.options

        # Load the server-side API using the configuration under paths.ETC_IPA.
        api.bootstrap(in_server=True, confdir=paths.ETC_IPA)
        api.finalize()

        try:
            api.Backend.ldap2.connect()

            # The second positional argument (False) is interpreted by
            # ADTRUSTInstance; its meaning is not visible in this file.
            smb = adtrustinstance.ADTRUSTInstance(
                sysrestore.FileStore(paths.SYSRESTORE), False
            )
            smb.realm = api.env.realm
            # NOTE(review): presumably makes the instance bind to LDAP via
            # autobind instead of a password; confirm in ADTRUSTInstance.
            smb.autobind = ipaldap.AUTOBIND_ENABLED

            # netbios_name and reset_netbios_name are forwarded unmodified.
            smb.setup(
                api.env.host,
                api.env.realm,
                opts.netbios_name,
                opts.reset_netbios_name,
                adtrust.DEFAULT_PRIMARY_RID_BASE,
                adtrust.DEFAULT_SECONDARY_RID_BASE,
                opts.add_sids,
                enable_compat=False,
            )
            smb.find_local_id_range()
            smb.create_instance()
        finally:
            # Always release the LDAP connection, including on failure.
            if api.Backend.ldap2.isconnected():
                api.Backend.ldap2.disconnect()

        return 0
# Script entry point. run_cli() is not defined in this file (presumably
# inherited from AdminTool). The call sits at module top level without an
# `if __name__ == "__main__":` guard, so importing this file also runs the tool.
IPAConfigEnableSid.run_cli()