summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-08-04 10:09:35 -0400
committerRob Crittenden <rcritten@redhat.com>2010-08-27 09:50:50 -0400
commitea76d8c59af338f6a79ec87d7a931d2c8643e747 (patch)
treed68eb2f7dc9af906f8340e5eefabd88488ef1127
parent49584d6efc6a10fa0b76ce81b2638d424f2208a8 (diff)
downloadfreeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.tar.gz
freeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.tar.xz
freeipa-ea76d8c59af338f6a79ec87d7a931d2c8643e747.zip
Configure nslcd and a host of possible systems that use LDAP.
We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf, /etc/libnss-ldap.conf and /etc/pam_ldap.conf. nslcd is the replacement for nss_ldap. ticket 50
-rwxr-xr-xipa-client/ipa-install/ipa-client-install62
1 files changed, 53 insertions, 9 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5952c941b..e0abfd67a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,7 +31,7 @@ try:
import ipaclient.ipadiscovery
import ipaclient.ipachangeconf
import ipaclient.ntpconf
- from ipapython.ipautil import run, user_input, CalledProcessError
+ from ipapython.ipautil import run, user_input, CalledProcessError, file_exists
from ipapython import sysrestore
from ipapython import version
import SSSDConfig
@@ -303,12 +303,51 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
opts.append({'name':'nss_srv_domain', 'type':'option', 'value':cli_domain})
opts.append({'name':'empty', 'type':'empty'})
- try:
- fstore.backup_file("/etc/ldap.conf")
- ldapconf.newConf("/etc/ldap.conf", opts)
- except Exception, e:
- print "Creation of /etc/ldap.conf: " + str(e)
- return 1
+
+ # Depending on the release and distribution this may exist in any
+ # number of different file names, update what we find
+ for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
+ if file_exists(filename):
+ try:
+ fstore.backup_file(filename)
+ ldapconf.newConf(filename, opts)
+ except Exception, e:
+ print "Creation of %s: %s" % (filename, str(e))
+ return 1
+
+ return 0
+
+def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+ nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+ nslcdconf.setOptionAssignment(" ")
+
+ opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
+ {'name':'empty', 'type':'empty'},
+ {'name':'ldap_version', 'type':'option', 'value':'3'},
+ {'name':'base', 'type':'option', 'value':cli_basedn},
+ {'name':'empty', 'type':'empty'},
+ {'name':'base passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+cli_basedn},
+ {'name':'base group', 'type':'option', 'value':'cn=groups,cn=accounts,'+cli_basedn},
+ {'name':'map group', 'type':'option', 'value':'uniqueMember member'},
+ {'name':'timelimit', 'type':'option', 'value':'15'},
+ {'name':'empty', 'type':'empty'}]
+ if not dnsok or options.force or options.on_master:
+ if options.on_master:
+ opts.append({'name':'uri', 'type':'option', 'value':'ldap://localhost'})
+ else:
+ opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+cli_server})
+ else:
+ opts.append({'name':'uri', 'type':'option', 'value':'DNS'})
+
+ opts.append({'name':'empty', 'type':'empty'})
+
+ if file_exists('/etc/nslcd.conf'):
+ try:
+ fstore.backup_file('/etc/nslcd.conf')
+ nslcdconf.newConf('/etc/nslcd.conf', opts)
+ except Exception, e:
+ print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
+ return 1
return 0
@@ -317,6 +356,9 @@ def hardcode_ldap_server(cli_server):
DNS Discovery didn't return a valid IPA server, hardcode a value into
the file instead.
"""
+ if not file_exists('/etc/ldap.conf'):
+ return
+
ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
ldapconf.setOptionAssignment(" ")
@@ -537,7 +579,7 @@ def main():
if not options.unattended:
if options.principal is None and options.password is None and options.prompt_password is False:
- options.principal = user_input("Principal", allow_empty=False)
+ options.principal = user_input("Enrollment principal", allow_empty=False)
# Get the CA certificate
try:
@@ -628,7 +670,9 @@ def main():
else:
if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
return 1
- print "Configured /etc/ldap.conf"
+ if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+ return 1
+ print "Configured LDAP"
# Add the CA to the default NSS database and trust it
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])