mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-29 10:21:18 -06:00
1d56665fd2
Former upgrade file always created the NIS Server container, that caused the ipa-nis-manage did not set all required NIS maps. Default creation of container has been removed. Updating of NIS Server configuration and NIS maps is done only if the NIS Server container exists. https://fedorahosted.org/freeipa/ticket/5507 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
87 lines
3.1 KiB
Python
87 lines
3.1 KiB
Python
#
|
|
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
from ipalib.plugable import Registry
|
|
from ipalib import errors
|
|
from ipalib import Updater
|
|
from ipaplatform.paths import paths
|
|
from ipapython.dn import DN
|
|
from ipaserver.install import sysupgrade
|
|
from ipaserver.install.ldapupdate import LDAPUpdate
|
|
|
|
register = Registry()
|
|
|
|
|
|
@register()
|
|
class update_nis_configuration(Updater):
|
|
"""Update NIS configuration
|
|
|
|
NIS configuration can be updated only if NIS Server was configured via
|
|
ipa-nis-manage command.
|
|
"""
|
|
|
|
def __recover_from_missing_maps(self, ldap):
|
|
# https://fedorahosted.org/freeipa/ticket/5507
|
|
# if all following DNs are missing, but 'NIS Server' container exists
|
|
# we are experiencig bug and maps should be fixed
|
|
|
|
if sysupgrade.get_upgrade_state('nis',
|
|
'done_recover_from_missing_maps'):
|
|
# this recover must be done only once, a user may deleted some
|
|
# maps, we do not want to restore them again
|
|
return
|
|
|
|
self.log.debug("Recovering from missing NIS maps bug")
|
|
|
|
suffix = "cn=NIS Server,cn=plugins,cn=config"
|
|
domain = self.api.env.domain
|
|
missing_dn_list = [
|
|
DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
|
|
"nis-domain={domain}+nis-map=passwd.byname,{suffix}",
|
|
"nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
|
|
"nis-domain={domain}+nis-map=group.byname,{suffix}",
|
|
"nis-domain={domain}+nis-map=group.bygid,{suffix}",
|
|
"nis-domain={domain}+nis-map=netid.byname,{suffix}",
|
|
"nis-domain={domain}+nis-map=netgroup,{suffix}",
|
|
]
|
|
]
|
|
|
|
for dn in missing_dn_list:
|
|
try:
|
|
ldap.get_entry(dn, attrs_list=['cn'])
|
|
except errors.NotFound:
|
|
pass
|
|
else:
|
|
# bug is not effective, at least one of 'possible missing'
|
|
# maps was detected
|
|
return
|
|
|
|
sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
|
|
True)
|
|
|
|
# bug is effective run update to recreate missing maps
|
|
ld = LDAPUpdate(sub_dict={}, ldapi=True)
|
|
ld.update([paths.NIS_ULDIF])
|
|
|
|
def execute(self, **options):
|
|
ldap = self.api.Backend.ldap2
|
|
dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
|
|
try:
|
|
ldap.get_entry(dn, attrs_list=['cn'])
|
|
except errors.NotFound:
|
|
# NIS is not configured on system, do not execute update
|
|
self.log.debug("Skipping NIS update, NIS Server is not configured")
|
|
|
|
# container does not exist, bug #5507 is not effective
|
|
sysupgrade.set_upgrade_state(
|
|
'nis', 'done_recover_from_missing_maps', True)
|
|
else:
|
|
self.__recover_from_missing_maps(ldap)
|
|
|
|
self.log.debug("Executing NIS Server update")
|
|
ld = LDAPUpdate(sub_dict={}, ldapi=True)
|
|
ld.update([paths.NIS_UPDATE_ULDIF])
|
|
|
|
return False, ()
|