mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
e39fe4ed31
https://fedorahosted.org/freeipa/ticket/3090 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
205 lines
7.0 KiB
Python
Executable File
205 lines
7.0 KiB
Python
Executable File
#!/usr/bin/python2
|
|
# Authors: Rob Crittenden <rcritten@redhat.com>
|
|
# Authors: Simo Sorce <ssorce@redhat.com>
|
|
#
|
|
# Copyright (C) 2009 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
import sys
|
|
import os
|
|
from ipaplatform.paths import paths
|
|
try:
|
|
from optparse import OptionParser
|
|
from ipapython import ipautil, config
|
|
from ipaserver.install import installutils
|
|
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
|
|
from ipaserver.plugins.ldap2 import ldap2
|
|
from ipalib import api, errors
|
|
from ipapython.ipa_log_manager import *
|
|
from ipapython.dn import DN
|
|
from ipaplatform import services
|
|
except ImportError:
|
|
print >> sys.stderr, """\
|
|
There was a problem importing one of the required Python modules. The
|
|
error was:
|
|
|
|
%s
|
|
""" % sys.exc_value
|
|
sys.exit(1)
|
|
|
|
nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
|
|
compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
|
|
|
|
def parse_options():
|
|
usage = "%prog [options] <enable|disable>\n"
|
|
usage += "%prog [options]\n"
|
|
parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
|
|
|
|
parser.add_option("-d", "--debug", action="store_true", dest="debug",
|
|
help="Display debugging information about the update(s)")
|
|
parser.add_option("-y", dest="password",
|
|
help="File containing the Directory Manager password")
|
|
|
|
config.add_standard_options(parser)
|
|
options, args = parser.parse_args()
|
|
|
|
config.init_config(options)
|
|
|
|
return options, args
|
|
|
|
def get_dirman_password():
|
|
"""Prompt the user for the Directory Manager password and verify its
|
|
correctness.
|
|
"""
|
|
password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False)
|
|
|
|
return password
|
|
|
|
def get_entry(dn, conn):
|
|
"""
|
|
Return the entry for the given DN. If the entry is not found return
|
|
None.
|
|
"""
|
|
entry = None
|
|
try:
|
|
entry = conn.get_entry(dn)
|
|
except errors.NotFound:
|
|
pass
|
|
return entry
|
|
|
|
def main():
|
|
retval = 0
|
|
files = [paths.NIS_ULDIF]
|
|
servicemsg = ""
|
|
|
|
if os.getegid() != 0:
|
|
sys.exit('Must be root to use this tool.')
|
|
|
|
installutils.check_server_configuration()
|
|
|
|
options, args = parse_options()
|
|
|
|
if len(args) != 1:
|
|
sys.exit("You must specify one action, either enable or disable")
|
|
elif args[0] != "enable" and args[0] != "disable":
|
|
sys.exit("Unrecognized action [" + args[0] + "]")
|
|
|
|
standard_logging_setup(None, debug=options.debug)
|
|
dirman_password = ""
|
|
if options.password:
|
|
try:
|
|
pw = ipautil.template_file(options.password, [])
|
|
except IOError:
|
|
sys.exit("File \"%s\" not found or not readable" % options.password)
|
|
dirman_password = pw.strip()
|
|
else:
|
|
dirman_password = get_dirman_password()
|
|
if dirman_password is None:
|
|
sys.exit("Directory Manager password required")
|
|
|
|
if not dirman_password:
|
|
sys.exit("No password supplied")
|
|
|
|
api.bootstrap(context='cli', debug=options.debug)
|
|
api.finalize()
|
|
|
|
conn = None
|
|
try:
|
|
try:
|
|
conn = ldap2(api)
|
|
conn.connect(
|
|
bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password
|
|
)
|
|
except errors.ExecutionError, lde:
|
|
sys.exit("An error occurred while connecting to the server: %s" % str(lde))
|
|
except errors.AuthorizationError:
|
|
sys.exit("Incorrect password")
|
|
|
|
if args[0] == "enable":
|
|
compat = get_entry(compat_dn, conn)
|
|
if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
|
|
sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
|
|
entry = None
|
|
try:
|
|
entry = get_entry(nis_config_dn, conn)
|
|
except errors.ExecutionError, lde:
|
|
print "An error occurred while talking to the server."
|
|
print lde
|
|
retval = 1
|
|
|
|
# Enable either the portmap or rpcbind service
|
|
try:
|
|
portmap = services.knownservices.portmap
|
|
portmap.enable()
|
|
servicemsg = portmap.service_name
|
|
except ipautil.CalledProcessError, cpe:
|
|
if cpe.returncode == 1:
|
|
try:
|
|
rpcbind = services.knownservices.rpcbind
|
|
rpcbind.enable()
|
|
servicemsg = rpcbind.service_name
|
|
except ipautil.CalledProcessError, cpe:
|
|
print "Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name)
|
|
retval = 3
|
|
|
|
# The cn=config entry for the plugin may already exist but it
|
|
# could be turned off, handle both cases.
|
|
if entry is None:
|
|
print "Enabling plugin"
|
|
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True)
|
|
if ld.update(files) != True:
|
|
retval = 1
|
|
elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
|
|
print "Enabling plugin"
|
|
# Already configured, just enable the plugin
|
|
entry['nsslapd-pluginenabled'] = ['on']
|
|
conn.update_entry(entry)
|
|
else:
|
|
print "Plugin already Enabled"
|
|
retval = 2
|
|
|
|
elif args[0] == "disable":
|
|
try:
|
|
entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
|
|
entry['nsslapd-pluginenabled'] = ['off']
|
|
conn.update_entry(entry)
|
|
except (errors.NotFound, errors.EmptyModlist):
|
|
print "Plugin is already disabled"
|
|
retval = 2
|
|
except errors.LDAPError, lde:
|
|
print "An error occurred while talking to the server."
|
|
print lde
|
|
retval = 1
|
|
|
|
else:
|
|
retval = 1
|
|
|
|
if retval == 0:
|
|
print "This setting will not take effect until you restart Directory Server."
|
|
|
|
if args[0] == "enable":
|
|
print "The %s service may need to be started." % servicemsg
|
|
|
|
finally:
|
|
if conn and conn.isconnected():
|
|
conn.disconnect()
|
|
|
|
return retval
|
|
|
|
if __name__ == '__main__':
|
|
installutils.run_script(main, operation_name='ipa-nis-manage')
|