diff options
| author | Martin Nagy <mnagy@redhat.com> | 2010-04-15 11:08:48 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-04-23 17:19:36 -0400 |
| commit | 6e9cc2640bbc1df9142bb1165dbdb514c3a835c6 (patch) | |
| tree | e0394e81bd019ca5185ca02f8be55497536a3f0d | |
| parent | 1a9d49730d3eaa157df8c508a210e0b57ca4266e (diff) | |
| download | freeipa-6e9cc2640bbc1df9142bb1165dbdb514c3a835c6.tar.gz freeipa-6e9cc2640bbc1df9142bb1165dbdb514c3a835c6.tar.xz freeipa-6e9cc2640bbc1df9142bb1165dbdb514c3a835c6.zip | |
Connect to the ldap during the uninstallation
We need to ask the user for a password and connect to the ldap so the
bind uninstallation procedure can remove old records. This is of course
only helpful if one has more than one IPA server configured.
| -rwxr-xr-x | install/tools/ipa-server-install | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 7b88f61e5..c1035e98c 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -133,9 +133,8 @@ def parse_options(): if options.uninstall: if (options.ds_user or options.realm_name or - options.dm_password or options.admin_password or - options.master_password): - parser.error("In uninstall mode, -u, r, -p and -P options are not allowed") + options.admin_password or options.master_password): + parser.error("In uninstall mode, -u, r and -P options are not allowed") elif options.unattended: if (not options.ds_user or not options.realm_name or not options.dm_password or not options.admin_password): @@ -375,7 +374,10 @@ def check_dirsrv(unattended): print "\t636" sys.exit(1) -def uninstall(ca = False): +def uninstall(ca=False, dm_password=None): + if dm_password: + api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) + try: run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"]) except Exception, e: @@ -464,16 +466,34 @@ def main(): ) if options.uninstall: + dm_password = options.dm_password + + # We will need at least api.env, finalize api now. This system is + # already installed, so the configuration file is there. + api.bootstrap(**cfg) + api.finalize() + if not options.unattended: print "\nThis is a NON REVERSIBLE operation and will delete all data and configuration!\n" if not user_input("Are you sure you want to continue with the uninstall procedure?", False): print "" print "Aborting uninstall operation." sys.exit(1) - - api.bootstrap(**cfg) - api.finalize() - return uninstall(not certs.ipa_self_signed()) + if not dm_password: + if user_input("Do you want to remove old SRV and NS records?", False): + dm_password = read_password("Directory Manager", confirm=False, validate=False) + # Try out the password + try: + conn = ipaldap.IPAdmin(api.env.host) + conn.do_simple_bind(bindpw=dm_password) + conn.unbind() + except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e: + sys.exit("\nUnable to connect to LDAP server %s" % api.env.host) + except ldap.INVALID_CREDENTIALS, e : + sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host) + + + return uninstall(not certs.ipa_self_signed(), dm_password) # This will override any settings passed in on the cmdline options._update_loose(read_cache()) |