diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-08-04 10:09:35 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-08-27 09:50:50 -0400 |
commit | ea76d8c59af338f6a79ec87d7a931d2c8643e747 (patch) | |
tree | d68eb2f7dc9af906f8340e5eefabd88488ef1127 | |
parent | 49584d6efc6a10fa0b76ce81b2638d424f2208a8 (diff) | |
download | freeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.tar.gz freeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.tar.xz freeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.zip |
Configure nslcd and a host of possible systems that use LDAP.
We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf,
/etc/libnss-ldap.conf and /etc/pam_ldap.conf.
nslcd is the replacement for nss_ldap.
ticket 50
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 62 |
1 files changed, 53 insertions, 9 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5952c941b..e0abfd67a 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -31,7 +31,7 @@ try: import ipaclient.ipadiscovery import ipaclient.ipachangeconf import ipaclient.ntpconf - from ipapython.ipautil import run, user_input, CalledProcessError + from ipapython.ipautil import run, user_input, CalledProcessError, file_exists from ipapython import sysrestore from ipapython import version import SSSDConfig @@ -303,12 +303,51 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d opts.append({'name':'nss_srv_domain', 'type':'option', 'value':cli_domain}) opts.append({'name':'empty', 'type':'empty'}) - try: - fstore.backup_file("/etc/ldap.conf") - ldapconf.newConf("/etc/ldap.conf", opts) - except Exception, e: - print "Creation of /etc/ldap.conf: " + str(e) - return 1 + + # Depending on the release and distribution this may exist in any + # number of different file names, update what we find + for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']: + if file_exists(filename): + try: + fstore.backup_file(filename) + ldapconf.newConf(filename, opts) + except Exception, e: + print "Creation of %s: %s" % (filename, str(e)) + return 1 + + return 0 + +def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): + nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") + nslcdconf.setOptionAssignment(" ") + + opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'}, + {'name':'empty', 'type':'empty'}, + {'name':'ldap_version', 'type':'option', 'value':'3'}, + {'name':'base', 'type':'option', 'value':cli_basedn}, + {'name':'empty', 'type':'empty'}, + {'name':'base passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+cli_basedn}, + {'name':'base group', 'type':'option', 'value':'cn=groups,cn=accounts,'+cli_basedn}, + {'name':'map group', 'type':'option', 'value':'uniqueMember member'}, + {'name':'timelimit', 'type':'option', 'value':'15'}, + {'name':'empty', 'type':'empty'}] + if not dnsok or options.force or options.on_master: + if options.on_master: + opts.append({'name':'uri', 'type':'option', 'value':'ldap://localhost'}) + else: + opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+cli_server}) + else: + opts.append({'name':'uri', 'type':'option', 'value':'DNS'}) + + opts.append({'name':'empty', 'type':'empty'}) + + if file_exists('/etc/nslcd.conf'): + try: + fstore.backup_file('/etc/nslcd.conf') + nslcdconf.newConf('/etc/nslcd.conf', opts) + except Exception, e: + print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e)) + return 1 return 0 @@ -317,6 +356,9 @@ def hardcode_ldap_server(cli_server): DNS Discovery didn't return a valid IPA server, hardcode a value into the file instead. """ + if not file_exists('/etc/ldap.conf'): + return + ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") ldapconf.setOptionAssignment(" ") @@ -537,7 +579,7 @@ def main(): if not options.unattended: if options.principal is None and options.password is None and options.prompt_password is False: - options.principal = user_input("Principal", allow_empty=False) + options.principal = user_input("Enrollment principal", allow_empty=False) # Get the CA certificate try: @@ -628,7 +670,9 @@ def main(): else: if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): return 1 - print "Configured /etc/ldap.conf" + if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): + return 1 + print "Configured LDAP" # Add the CA to the default NSS database and trust it run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) |