diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-04-11 15:30:11 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-04-11 15:33:03 -0400 |
| commit | d42bf3f530759824586bba0df52f9bd8a6f20df7 (patch) | |
| tree | ba7cdd29f4564b69051d9ed03bdd667128564d8f /install/tools/ipa-nis-manage | |
| parent | 68ff18ed10a957bf022c654c38518915bd68fcc8 (diff) | |
| download | freeipa-d42bf3f530759824586bba0df52f9bd8a6f20df7.tar.gz freeipa-d42bf3f530759824586bba0df52f9bd8a6f20df7.tar.xz freeipa-d42bf3f530759824586bba0df52f9bd8a6f20df7.zip | |
Fix traceback in ipa-nis-manage.
The root user cannot use ldapi because of the autobind configuration.
Fall back to a standard GSSAPI sasl bind if the external bind fails.
With --ldapi a regular user may be trying this as well, catch that
and report a reasonable error message.
This also gives priority to the DM password if it is passed in.
Also require the user be root to run the ipa-nis-manage command.
We enable/disable and start/stop services which need to be done as root.
Add a new option to ipa-ldap-updater to prompt for the DM password.
Remove restriction to be run as root except when doing an upgrade.
Ticket 1157
Diffstat (limited to 'install/tools/ipa-nis-manage')
| -rwxr-xr-x | install/tools/ipa-nis-manage | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index d611134e6..9cd6b5f03 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -83,6 +83,9 @@ def main(): files = ['/usr/share/ipa/nis.uldif'] servicemsg = "" + if os.getegid() != 0: + sys.exit('Must be root to use this tool.') + options, args = parse_options() if options.debug: loglevel = logging.DEBUG |