authorMartin Kosek <mkosek@redhat.com>2011-05-18 17:06:15 +0200
committerMartin Kosek <mkosek@redhat.com>2011-06-08 10:00:27 +0200
commite7731244749028b11d89e8ac745a5d16f7d470e2 (patch)
tree4bdda0f7ce8703be8f26ec63223969c3b7a25f77
parent241ee334defda108e22855331d5d9a14f261ce16 (diff)
Fix support for nss-pam-ldapd
Client installation with the --no-sssd option was broken if the client was based on nss-pam-ldap instead of nss_ldap. The main issue was authconfig rewriting nslcd.conf after it had been configured by ipa-client-install. This has been fixed by changing the order of the installation steps. Additionally, the nslcd daemon needed for nss-pam-ldap to function is now correctly started. https://fedorahosted.org/freeipa/ticket/1235
-rwxr-xr-xipa-client/ipa-install/ipa-client-install59
1 files changed, 45 insertions, 14 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 67196022a..3b6385ef2 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -240,7 +240,7 @@ def uninstall(options, env):
ipautil.service_restart('nscd')
except:
print "Failed to restart start the NSCD daemon"
-
+
try:
ipautil.chkconfig_on('nscd')
except:
@@ -249,6 +249,20 @@ def uninstall(options, env):
# this is optional service, just log
logging.info("NSCD daemon is not installed, skip configuration")
+ if ipautil.service_is_installed('nslcd'):
+ try:
+ ipautil.service_stop('nslcd')
+ except:
+ print "Failed to stop the NSLCD daemon"
+
+ try:
+ ipautil.chkconfig_off('nslcd')
+ except:
+ print "Failed to disable automatic startup of the NSLCD daemon"
+ else:
+ # this is optional service, just log
+ logging.info("NSLCD daemon is not installed, skip configuration")
+
if not options.unattended:
print "The original nsswitch.conf configuration has been restored."
print "You may need to restart services or reboot the machine."
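Review bot: The two new handlers around `ipautil.service_stop('nslcd')` and `ipautil.chkconfig_off('nslcd')` use a bare `except:`, which in Python 2 also catches KeyboardInterrupt and SystemExit and throws away the reason for the failure. The nslcd block added to configure_nslcd_conf in this same commit already uses the narrower form, so I would match it here: `except Exception, e:` followed by `logging.error("Failed to stop the NSLCD daemon: %s" % str(e))` next to the existing print. Separately, the service is stopped and disabled unconditionally; as far as this hunk shows, nothing records whether nslcd was enabled before ipa-client-install ran, so a host that used nslcd beforehand would lose it on uninstall — worth confirming against the state-store code outside the hunk. uninstall() starts and ends outside the hunk.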
@@ -365,6 +379,20 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
return 1
+ if ipautil.service_is_installed('nslcd'):
+ try:
+ ipautil.service_restart('nslcd')
+ except Exception, e:
+ logging.error("nslcd failed to restart: %s" % str(e))
+
+ try:
+ ipautil.chkconfig_on('nslcd')
+ except Exception, e:
+ print "Failed to configure automatic startup of the NSLCD daemon"
+ logging.error("Failed to enable automatic startup of the NSLCD daemon: %s" % str(e))
+ else:
+ logging.debug("NSLCD daemon is not installed, skip configuration")
+
return 0
def hardcode_ldap_server(cli_server):
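Review bot: A failed `ipautil.service_restart('nslcd')` is only written to the log and configure_nslcd_conf still returns 0, so the caller goes on to print "LDAP configured" on a host where user and group lookups through nslcd are not actually working. The chkconfig_on branch just below at least prints a message; the restart branch should do the same, e.g. `print "Failed to restart the NSLCD daemon"` before the `logging.error(...)` line, or return a non-zero value if a stopped nslcd should abort the install. The `else` branch logs at debug level while the matching branch in uninstall() logs at info; picking one level would make the two paths easier to correlate in the install log. The function body starts outside the hunk.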
@@ -667,7 +695,7 @@ def main():
ds = ipaclient.ipadiscovery.IPADiscovery()
ret = ds.search(domain=options.domain, server=options.server)
-
+
if ret == -10:
print >>sys.stderr, "Can't get the fully qualified name of this host"
print >>sys.stderr, "Please check that the client is properly configured"
@@ -684,7 +712,7 @@ def main():
cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
logging.debug("will use domain: %s\n", cli_domain)
ret = ds.search(domain=cli_domain, server=options.server)
-
+
if not cli_domain:
if ds.getDomainName():
cli_domain = ds.getDomainName()
@@ -856,12 +884,6 @@ def main():
if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
return 1
print "Configured /etc/sssd/sssd.conf"
- else:
- if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
- return 1
- if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
- return 1
- print "Configured LDAP"
# Add the CA to the default NSS database and trust it
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
@@ -898,7 +920,7 @@ def main():
print >>sys.stderr, "Failed to %s the NSCD daemon" % nscd_service_action
if not options.sssd:
print >>sys.stderr, "Caching of users/groups will not be available"
-
+
try:
nscd_chkconfig_cmd('nscd')
except:
@@ -922,6 +944,19 @@ def main():
run(cmd)
print message
+ #Modify pam to add pam_krb5
+ run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"])
+ print "Kerberos 5 enabled"
+
+ # Update non-SSSD LDAP configuration after authconfig calls as it would
+ # change its configuration otherways
+ if not options.sssd:
+ if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+ return 1
+ if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+ return 1
+ print "LDAP configured"
+
#Check that nss is working properly
if not options.on_master:
n = 0
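Review bot: Moving `configure_ldap_conf` / `configure_nslcd_conf` after the authconfig calls means their `return 1` paths now fire after PAM and nsswitch have already been rewritten (`--enablekrb5 --update` runs just above), so a failure here appears to leave the host with Kerberos PAM enabled but no working LDAP NSS configuration; whether main() rolls anything back is not visible in this hunk and should be checked. At minimum the failure should tell the administrator the client is partially configured and that `ipa-client-install --uninstall` is needed. The new comment also has a typo and undersells the constraint; I would write `# Must run after every authconfig call: authconfig --update rewrites nslcd.conf and would otherwise discard these settings`, so that nobody later adds another authconfig invocation below this block. main() starts and ends outside the hunk.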
@@ -946,10 +981,6 @@ def main():
except Exception, e:
sys.exit("Adding hardcoded server name to /etc/ldap.conf failed: " + str(e))
- #Modify pam to add pam_krb5
- run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"])
- print "Kerberos 5 enabled"
-
if options.conf_ntp and not options.on_master:
if options.ntp_server:
ntp_server = options.ntp_server