summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2008-11-26 18:24:36 -0500
committerSimo Sorce <ssorce@redhat.com>2008-12-01 17:18:57 -0500
commitb87a025ce895c554a1bf944772af04fe5da7f805 (patch)
tree9d567011200e51426e06a6d1dfbeabc850174f35
parentcc9169b0f81802cdc51ba0e41ae8bf7239c86e67 (diff)
downloadfreeipa-b87a025ce895c554a1bf944772af04fe5da7f805.zip
freeipa-b87a025ce895c554a1bf944772af04fe5da7f805.tar.gz
freeipa-b87a025ce895c554a1bf944772af04fe5da7f805.tar.xz
Add tool to enable or disable the schema compatibility plugin
-rwxr-xr-xipa-server/ipa-compat-manage157
-rw-r--r--ipa-server/ipa-install/share/schema_compat.uldif (renamed from ipa-server/ipa-install/updates/schema_compatibility.update)0
2 files changed, 157 insertions, 0 deletions
diff --git a/ipa-server/ipa-compat-manage b/ipa-server/ipa-compat-manage
new file mode 100755
index 0000000..048d6fd
--- /dev/null
+++ b/ipa-server/ipa-compat-manage
@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+# Authors: Rob Crittenden <rcritten@redhat.com>
+# Authors: Simo Sorce <ssorce@redhat.com>
+#
+# Copyright (C) 2008 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+try:
+ from optparse import OptionParser
+ from ipaserver import ipaldap
+ from ipa import entity, ipaerror, ipautil, config
+ from ipaserver import installutils
+ from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ import ldap
+ import logging
+ import re
+ import krbV
+ import platform
+ import shlex
+ import time
+ import random
+except ImportError:
+ print >> sys.stderr, """\
+There was a problem importing one of the required Python modules. The
+error was:
+
+ %s
+""" % sys.exc_value
+ sys.exit(1)
+
+def parse_options():
+ usage = "%prog [options] <enable|disable>\n"
+ usage += "%prog [options]\n"
+ parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
+
+ parser.add_option("-d", "--debug", action="store_true", dest="debug",
+ help="Display debugging information about the update(s)")
+ parser.add_option("-y", dest="password",
+ help="File containing the Directory Manager password")
+
+ config.add_standard_options(parser)
+ options, args = parser.parse_args()
+
+ config.init_config(options)
+
+ return options, args
+
+def get_dirman_password():
+ """Prompt the user for the Directory Manager password and verify its
+ correctness.
+ """
+ password = installutils.read_password("Directory Manager", confirm=False, validate=False)
+
+ return password
+
+def main():
+ retval = 0
+ loglevel = logging.NOTSET
+ files=['/usr/share/ipa/schema_compat.uldif']
+
+ options, args = parse_options()
+ if options.debug:
+ loglevel = logging.DEBUG
+
+ if len(args) != 1:
+ print "You must specify one action, either enable or disable"
+ sys.exit(1)
+ elif args[0] != "enable" and args[0] != "disable":
+ print "Unrecognized action [" + args[0] + "]"
+ sys.exit(1)
+
+ logging.basicConfig(level=loglevel,
+ format='%(levelname)s %(message)s')
+
+ dirman_password = ""
+ if options.password:
+ pw = read_file(options.password)
+ dirman_password = pw[0].strip()
+ else:
+ dirman_password = get_dirman_password()
+
+ if args[0] == "enable":
+ try:
+ conn = ipaldap.IPAdmin(installutils.get_fqdn())
+ conn.do_simple_bind(bindpw=dirman_password)
+ conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
+ ldap.SCOPE_BASE, "(objectclass=*)")
+ print "Plugin already Enabled"
+ retval = 2
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ print "Enabling plugin"
+ finally:
+ if conn:
+ conn.unbind()
+
+ if retval == 0:
+ ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+ retval = ld.update(files)
+ if retval == 0:
+ print "This setting will not take effect until you restart Directory Server."
+
+ elif args[0] == "disable":
+ # Make a quick hack foir now, directly delete the entries by name,
+ # In future we should add delete capabilites to LDAPUpdate
+ try:
+ conn = ipaldap.IPAdmin(installutils.get_fqdn())
+ conn.do_simple_bind(bindpw=dirman_password)
+ conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
+ ldap.SCOPE_BASE, "(objectclass=*)")
+ conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
+ conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
+ conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ print "Plugin is already disabled"
+ retval = 2
+ finally:
+ if conn:
+ conn.unbind()
+
+ else:
+ retval = 1
+
+ return retval
+
+try:
+ if __name__ == "__main__":
+ sys.exit(main())
+except BadSyntax, e:
+ print "There is a syntax error in this update file:"
+ print " %s" % e
+ sys.exit(1)
+except RuntimeError, e:
+ print "%s" % e
+ sys.exit(1)
+except SystemExit, e:
+ sys.exit(e)
+except KeyboardInterrupt, e:
+ sys.exit(1)
+except config.IPAConfigError, e:
+ print "An IPA server to update cannot be found. Has one been configured yet?"
+ print "The error was: %s" % e
+ sys.exit(1)
diff --git a/ipa-server/ipa-install/updates/schema_compatibility.update b/ipa-server/ipa-install/share/schema_compat.uldif
index 71732c9..71732c9 100644
--- a/ipa-server/ipa-install/updates/schema_compatibility.update
+++ b/ipa-server/ipa-install/share/schema_compat.uldif