author | Rob Crittenden <rcritten@redhat.com> | 2011-04-11 15:30:11 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-04-11 15:33:03 -0400 |
commit | d42bf3f530759824586bba0df52f9bd8a6f20df7 (patch) | |
tree | ba7cdd29f4564b69051d9ed03bdd667128564d8f /install | |
parent | 68ff18ed10a957bf022c654c38518915bd68fcc8 (diff) | |
Fix traceback in ipa-nis-manage.
The root user cannot use ldapi because of the autobind configuration.
Fall back to a standard GSSAPI sasl bind if the external bind fails.
With --ldapi a regular user may be trying this as well, catch that
and report a reasonable error message.
This also gives priority to the DM password if it is passed in.
Also require the user be root to run the ipa-nis-manage command.
We enable/disable and start/stop services which need to be done as root.
Add a new option to ipa-ldap-updater to prompt for the DM password.
Remove restriction to be run as root except when doing an upgrade.
Ticket 1157
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-ldap-updater | 7 | ||||
-rwxr-xr-x | install/tools/ipa-nis-manage | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-ldap-updater.1 | 3 |
3 files changed, 10 insertions, 3 deletions
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater index b325e35e9..ddf222e08 100755 --- a/install/tools/ipa-ldap-updater +++ b/install/tools/ipa-ldap-updater @@ -58,6 +58,9 @@ def parse_options(): default=False, help="Connect to the LDAP server using the ldapi socket") parser.add_option("-u", '--upgrade', action="store_true", dest="upgrade", default=False, help="Upgrade an installed server in offline mode") + parser.add_option("-W", '--password', action="store_true", + dest="ask_password", + help="Prompt for the Directory Manager password") options, args = parser.parse_args() safe_options = parser.get_safe_opts(options) @@ -92,7 +95,7 @@ def main(): pw = ipautil.template_file(options.password, []) dirman_password = pw.strip() else: - if not options.ldapi and not options.upgrade: + if (options.ask_password or not options.ldapi) and not options.upgrade: dirman_password = get_dirman_password() files = [] @@ -112,8 +115,6 @@ def main(): modified = upgrade.modified badsyntax = upgrade.badsyntax else: - if os.getegid() == 0 and options.ldapi: - sys.exit('ldapi cannot be used by root') # Clear all existing log handlers, this is need to log as root loggers = logging.getLogger() if loggers.handlers: diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index d611134e6..9cd6b5f03 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -83,6 +83,9 @@ def main(): files = ['/usr/share/ipa/nis.uldif'] servicemsg = "" + if os.getegid() != 0: + sys.exit('Must be root to use this tool.') + options, args = parse_options() if options.debug: loglevel = logging.DEBUG diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1 index 9924d2f8e..761ca14c4 100644 --- a/install/tools/man/ipa-ldap-updater.1 +++ b/install/tools/man/ipa-ldap-updater.1 
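Review bot: The new `-W`/`--password` option in parse_options omits `default=False`, unlike the `--ldapi` and `--upgrade` options just above it, so `options.ask_password` is `None` rather than `False` when the flag is absent; adding `default=False` keeps the three consistent. The long name is also easy to misread, because main() passes `options.password` to `ipautil.template_file()` as a file to read, while `--password` is a boolean that only triggers a prompt. A comment such as `# -W only prompts; options.password is set by a separate option and holds a file path` would make the distinction explicit. parse_options starts and ends outside the hunk, so the option that sets `options.password` is not visible here.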
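Review bot: In main(), the new condition `(options.ask_password or not options.ldapi) and not options.upgrade` silently drops `-W` when `--upgrade` is also given, so the operator asks for a prompt and never gets one. Either reject the combination in parse_options, for example `if options.upgrade and options.ask_password: parser.error("--password cannot be used with --upgrade")`, or state in the help text and man page that the flag is ignored in upgrade mode. The password-file branch above the `else:` also takes precedence over `-W`, which deserves a one-line comment. main() starts and ends outside the hunk, so whether `dirman_password` has a default when neither branch assigns it cannot be confirmed from here.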
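Review bot: The root check added at the top of main() in ipa-nis-manage tests the effective group id, `os.getegid() != 0`, while the message and the commit description are about the root user. An account that is not root but has effective group 0 passes the check, and root running under a different effective group is turned away; `if os.geteuid() != 0:` matches the stated intent. The check also runs before `parse_options()`, so `--help` requires root as well, and moving it after option parsing would avoid that. main() continues outside the hunk, and whether `os` is imported in this file is not visible here.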
@@ -79,6 +79,9 @@ Connect to the LDAP server using the ldapi socket .TP \fB\-u\fR, \fB\-\-\-upgrade\fR Upgrade an installed server in offline mode (implies \-\-ldapi) +.TP +\fB\-W\fR, \fB\-\-\-password\fR +Prompt for the Directory Manager password .SH "EXIT STATUS" 0 if the command was successful |