diff options
author | Tomas Babej <tbabej@redhat.com> | 2015-04-29 08:15:50 +0200 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-02 13:23:21 +0200 |
commit | 0cb87fc31ae5babb9331ed81d8d743bcc5bb1c92 (patch) | |
tree | 6c8111818597a306d2463d9dea7c2c686eb4c88a | |
parent | ccbf2678725949c527a99cb8c36a1fc9cc1b884f (diff) | |
download | freeipa-0cb87fc31ae5babb9331ed81d8d743bcc5bb1c92.tar.gz freeipa-0cb87fc31ae5babb9331ed81d8d743bcc5bb1c92.tar.xz freeipa-0cb87fc31ae5babb9331ed81d8d743bcc5bb1c92.zip |
winsync-migrate: Add initial plumbing
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
-rwxr-xr-x | install/tools/ipa-winsync-migrate | 23 | ||||
-rw-r--r-- | ipaserver/winsync_migrate/__init__.py | 22 | ||||
-rw-r--r-- | ipaserver/winsync_migrate/base.py | 67 |
3 files changed, 112 insertions, 0 deletions
diff --git a/install/tools/ipa-winsync-migrate b/install/tools/ipa-winsync-migrate new file mode 100755 index 000000000..9eb9a03eb --- /dev/null +++ b/install/tools/ipa-winsync-migrate @@ -0,0 +1,23 @@ +#! /usr/bin/python2 -E +# Authors: Tomas Babej <tbabej@redhat.com> +# +# Copyright (C) 2015 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from ipaserver.winsync_migrate.base import MigrateWinsync + +MigrateWinsync.run_cli() diff --git a/ipaserver/winsync_migrate/__init__.py b/ipaserver/winsync_migrate/__init__.py new file mode 100644 index 000000000..e0da63db3 --- /dev/null +++ b/ipaserver/winsync_migrate/__init__.py @@ -0,0 +1,22 @@ +# Authors: Tomas Babej <tbabej@redhat.com> +# +# Copyright (C) 2015 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +""" +Base subpackage for winsync-migrate related code. +""" diff --git a/ipaserver/winsync_migrate/base.py b/ipaserver/winsync_migrate/base.py new file mode 100644 index 000000000..c21a861c2 --- /dev/null +++ b/ipaserver/winsync_migrate/base.py @@ -0,0 +1,67 @@ +# Authors: Tomas Babej <tbabej@redhat.com> +# +# Copyright (C) 2015 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +import krbV +import sys + +from ipalib import api +from ipalib import errors +from ipapython import admintool +from ipapython.dn import DN +from ipapython.ipa_log_manager import log_mgr +from ipaserver.plugins.ldap2 import ldap2 + + +class MigrateWinsync(admintool.AdminTool): + """ + Tool to migrate winsync users. + """ + + command_name = 'ipa-migrate-winsync' + usage = "ipa-migrate-winsync" + description = ( + "This tool creates user ID overrides for all the users " + "that were previously synced from AD domain using the " + "winsync replication agreement. It requires that trust " + "with the AD forest has already been established and " + "the users in question are resolvable using SSSD. " + "For more information, see `man ipa-migrate-winsync`." + ) + + def run(self): + super(MigrateWinsync, self).run() + + # Finalize API + api.bootstrap(in_server=True, context='server') + api.finalize() + + # Setup LDAP connection + try: + ctx = krbV.default_context() + ccache = ctx.default_ccache() + except krbV.Krb5Error, e: + sys.exit("Must have Kerberos credentials to migrate Winsync users.") + + try: + api.Backend.ldap2.connect(ccache) + self.ldap = api.Backend.ldap2 + except errors.ACIError, e: + sys.exit("Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket.") + except errors.DatabaseError, e: + sys.exit("Cannot connect to the LDAP database. Please check if IPA is running.") |