diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-08-11 15:26:37 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-08-19 10:50:07 -0400 |
| commit | e466bed5453302ca41e6ab7e85fddbdd35548d2a (patch) | |
| tree | 9c0065938b44951bcfd6f9e7eddf4ceea332b262 /install | |
| parent | e225ad4341b8f91b0aa3d4be3f93b9082716828e (diff) | |
| download | freeipa-e466bed5453302ca41e6ab7e85fddbdd35548d2a.tar.gz freeipa-e466bed5453302ca41e6ab7e85fddbdd35548d2a.tar.xz freeipa-e466bed5453302ca41e6ab7e85fddbdd35548d2a.zip | |
Enable compat plugin by default and configure netgroups
Move the netgroup compat configuration from the nis configuration to
the existing compat configuration.
Add a 'status' option to the ipa-copmat-manage tool.
ticket 91
Diffstat (limited to 'install')
| -rw-r--r-- | install/share/nis.uldif | 15 | ||||
| -rw-r--r-- | install/share/schema_compat.uldif | 15 | ||||
| -rwxr-xr-x | install/tools/ipa-compat-manage | 13 | ||||
| -rw-r--r-- | install/tools/man/ipa-compat-manage.1 | 6 |
4 files changed, 31 insertions, 18 deletions
diff --git a/install/share/nis.uldif b/install/share/nis.uldif index 5860d23af..d6a3644d5 100644 --- a/install/share/nis.uldif +++ b/install/share/nis.uldif @@ -82,18 +82,3 @@ default:nis-filter: (objectClass=ipanisNetgroup) default:nis-key-format: %{cn} default:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\",\"-\",\",\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})") default:nis-secure: no - -dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config -add:objectClass: top -add:objectClass: extensibleObject -add:cn: ng -add:schema-compat-container-group: 'cn=compat, $SUFFIX' -add:schema-compat-container-rdn: cn=ng -add:schema-compat-check-access: yes -add:schema-compat-search-base: 'cn=ng,cn=alt,$SUFFIX' -add:schema-compat-search-filter: !(cn=ng) -add:schema-compat-entry-rdn: cn=%{cn} -add:schema-compat-entry-attribute: objectclass=nisNetgroup -add:schema-compat-entry-attribute: 'memberNisNetgroup=%deref_r("member","cn")' -add:schema-compat-entry-attribute: 'memberNisNetgroup=%referred_r("cn=ng","memberOf","cn")' -add:schema-compat-entry-attribute: 'nisNetgroupTriple=(%link("%collect(\"%{externalHost}\",\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\")","-",",","%collect(\"%deref(\\\"memberUser\\\",\\\"uid\\\")\",\"%deref_r(\\\"member\\\",\\\"uid\\\")\",\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\")","-"),%{nisDomainName:-})' diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index 9bcda2cdd..15ac2a296 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -49,6 +49,21 @@ default:schema-compat-entry-attribute: memberUid=%{memberUid} default:schema-compat-entry-attribute: memberUid=%deref("member","uid") default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid") +dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config +add:objectClass: top +add:objectClass: extensibleObject +add:cn: ng +add:schema-compat-container-group: 'cn=compat, $SUFFIX' +add:schema-compat-container-rdn: cn=ng +add:schema-compat-check-access: yes +add:schema-compat-search-base: 'cn=ng,cn=alt,$SUFFIX' +add:schema-compat-search-filter: !(cn=ng) +add:schema-compat-entry-rdn: cn=%{cn} +add:schema-compat-entry-attribute: objectclass=nisNetgroup +add:schema-compat-entry-attribute: 'memberNisNetgroup=%deref_r("member","cn")' +add:schema-compat-entry-attribute: 'memberNisNetgroup=%referred_r("cn=ng","memberOf","cn")' +add:schema-compat-entry-attribute: 'nisNetgroupTriple=(%link("%collect(\"%{externalHost}\",\"%deref(\\\"memberHost\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"member\\\",\\\"fqdn\\\")\",\"%deref_r(\\\"memberHost\\\",\\\"member\\\",\\\"fqdn\\\")\")","-",",","%collect(\"%deref(\\\"memberUser\\\",\\\"uid\\\")\",\"%deref_r(\\\"member\\\",\\\"uid\\\")\",\"%deref_r(\\\"memberUser\\\",\\\"member\\\",\\\"uid\\\")\")","-"),%{nisDomainName:-})' + # Enable anonymous VLV browsing for Solaris dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )' diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 3128ed718..ded587d5b 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -76,7 +76,7 @@ def main(): if len(args) != 1: print "You must specify one action, either enable or disable" sys.exit(1) - elif args[0] != "enable" and args[0] != "disable": + elif args[0] != "enable" and args[0] != "disable" and args[0] != "status": print "Unrecognized action [" + args[0] + "]" sys.exit(1) @@ -106,6 +106,17 @@ def main(): print lde return 1 + if args[0] == "status": + try: + conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + print "Plugin Enabled" + except errors.NotFound: + print "Plugin Disabled" + except errors.LDAPError, lde: + print "An error occurred while talking to the server." + print lde + return 0 + if args[0] == "enable": try: conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) diff --git a/install/tools/man/ipa-compat-manage.1 b/install/tools/man/ipa-compat-manage.1 index 767384a42..5d36b4ecc 100644 --- a/install/tools/man/ipa-compat-manage.1 +++ b/install/tools/man/ipa-compat-manage.1 @@ -20,13 +20,15 @@ .SH "NAME" ipa\-compat\-manage \- Enables or disables the schema compatibility plugin .SH "SYNOPSIS" -ipa\-compat\-manage [options] <enable|disable> +ipa\-compat\-manage [options] <enable|disable|status> .SH "DESCRIPTION" Run the command with the \fBenable\fR option to enable the compat plugin. Run the command with the \fBdisable\fR option to disable the compat plugin. -In both cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used. +Run the command with the \fBstatus\fR to determine the current status of the compat plugin. + +In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used. Directory Server will need to be restarted after the schema compatibility plugin has been enabled. |