freeipa/install/tools/ipa-nis-manage
2015-07-01 13:05:30 +00:00

205 lines
7.0 KiB
Python
Executable File

#!/usr/bin/python2
# Authors: Rob Crittenden <rcritten@redhat.com>
# Authors: Simo Sorce <ssorce@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import sys
import os
from ipaplatform.paths import paths
try:
from optparse import OptionParser
from ipapython import ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipaplatform import services
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
error was:
%s
""" % sys.exc_value
sys.exit(1)
nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
def parse_options():
usage = "%prog [options] <enable|disable>\n"
usage += "%prog [options]\n"
parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
parser.add_option("-d", "--debug", action="store_true", dest="debug",
help="Display debugging information about the update(s)")
parser.add_option("-y", dest="password",
help="File containing the Directory Manager password")
config.add_standard_options(parser)
options, args = parser.parse_args()
config.init_config(options)
return options, args
def get_dirman_password():
"""Prompt the user for the Directory Manager password and verify its
correctness.
"""
password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False)
return password
def get_entry(dn, conn):
"""
Return the entry for the given DN. If the entry is not found return
None.
"""
entry = None
try:
entry = conn.get_entry(dn)
except errors.NotFound:
pass
return entry
def main():
retval = 0
files = [paths.NIS_ULDIF]
servicemsg = ""
if os.getegid() != 0:
sys.exit('Must be root to use this tool.')
installutils.check_server_configuration()
options, args = parse_options()
if len(args) != 1:
sys.exit("You must specify one action, either enable or disable")
elif args[0] != "enable" and args[0] != "disable":
sys.exit("Unrecognized action [" + args[0] + "]")
standard_logging_setup(None, debug=options.debug)
dirman_password = ""
if options.password:
try:
pw = ipautil.template_file(options.password, [])
except IOError:
sys.exit("File \"%s\" not found or not readable" % options.password)
dirman_password = pw.strip()
else:
dirman_password = get_dirman_password()
if dirman_password is None:
sys.exit("Directory Manager password required")
if not dirman_password:
sys.exit("No password supplied")
api.bootstrap(context='cli', debug=options.debug)
api.finalize()
conn = None
try:
try:
conn = ldap2(api)
conn.connect(
bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password
)
except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server: %s" % str(lde))
except errors.AuthorizationError:
sys.exit("Incorrect password")
if args[0] == "enable":
compat = get_entry(compat_dn, conn)
if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
entry = None
try:
entry = get_entry(nis_config_dn, conn)
except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
# Enable either the portmap or rpcbind service
try:
portmap = services.knownservices.portmap
portmap.enable()
servicemsg = portmap.service_name
except ipautil.CalledProcessError, cpe:
if cpe.returncode == 1:
try:
rpcbind = services.knownservices.rpcbind
rpcbind.enable()
servicemsg = rpcbind.service_name
except ipautil.CalledProcessError, cpe:
print "Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name)
retval = 3
# The cn=config entry for the plugin may already exist but it
# could be turned off, handle both cases.
if entry is None:
print "Enabling plugin"
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True)
if ld.update(files) != True:
retval = 1
elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
print "Enabling plugin"
# Already configured, just enable the plugin
entry['nsslapd-pluginenabled'] = ['on']
conn.update_entry(entry)
else:
print "Plugin already Enabled"
retval = 2
elif args[0] == "disable":
try:
entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
entry['nsslapd-pluginenabled'] = ['off']
conn.update_entry(entry)
except (errors.NotFound, errors.EmptyModlist):
print "Plugin is already disabled"
retval = 2
except errors.LDAPError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
else:
retval = 1
if retval == 0:
print "This setting will not take effect until you restart Directory Server."
if args[0] == "enable":
print "The %s service may need to be started." % servicemsg
finally:
if conn and conn.isconnected():
conn.disconnect()
return retval
if __name__ == '__main__':
installutils.run_script(main, operation_name='ipa-nis-manage')