authorMartin Kosek <mkosek@redhat.com>2011-09-30 16:52:30 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-30 16:53:59 +0200
commit00cffce6c2ba0121188326535d6c9cd244a4ae5b (patch)
treec23b640c15773e3c30ecfdf86a88a835c9e6d9b0 /ipa-client
parent8f2e3333952edcce8d27a4d8fc23386908819030 (diff)
ipa-client assumes a single namingcontext
When the LDAP server contains more than one suffix, the ipa client installation does not detect it as an IPA server and fails to install. Fix ipa server discovery so that it correctly searches all naming contexts for the IPA one. https://fedorahosted.org/freeipa/ticket/1868
Diffstat (limited to 'ipa-client')
-rw-r--r--ipa-client/ipaclient/ipadiscovery.py32
1 files changed, 14 insertions, 18 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index c5567822e..f6c13fb67 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -24,7 +24,8 @@ import ipapython.dnsclient
import tempfile
import ldap
from ldap import LDAPError
-from ipapython.ipautil import run, CalledProcessError, valid_ip
+from ipapython.ipautil import run, CalledProcessError, valid_ip, get_ipa_basedn, \
+ realm_to_suffix
NOT_FQDN = -1
@@ -176,9 +177,15 @@ class IPADiscovery:
self.server = ldapret[1]
self.realm = ldapret[2]
- if ldapret[0] == NO_ACCESS_TO_LDAP and self.realm == None:
+ if ldapret[0] == NO_ACCESS_TO_LDAP and self.realm is None:
# Assume realm is the same as domain.upper()
self.realm = self.domain.upper()
+ logging.debug("Assuming realm is the same as domain: %s" % self.realm)
+
+ if ldapret[0] == NO_ACCESS_TO_LDAP and self.basedn is None:
+ # Generate suffix from realm
+ self.basedn = realm_to_suffix(self.realm)
+ logging.debug("Generate basedn from realm: %s" % self.basedn)
return ldapret[0]
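Review bot: The realm and base DN assigned in the two `NO_ACCESS_TO_LDAP` branches are guesses derived from the domain name rather than values read from the server, and after this point nothing distinguishes them from discovered values except a debug-level log line. A comment above the first branch would make that explicit, for example `# LDAP was not readable: realm and basedn below are derived from the domain and are unverified`. The second branch depends on `self.basedn` still being `None` here, which relies on initialisation outside this hunk. The two `if` statements test the same return code and could share one block, and the new log calls can pass the value as an argument, `logging.debug("Generate basedn from realm: %s", self.basedn)`, instead of formatting eagerly. The enclosing method starts and ends outside the hunk.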
@@ -229,25 +236,14 @@ class IPADiscovery:
lh.start_tls_s()
lh.simple_bind_s("","")
- logging.debug("Search rootdse")
- lret = lh.search_s("", ldap.SCOPE_BASE, "(objectClass=*)")
- for lattr in lret[0][1]:
- if lattr.lower() == "namingcontexts":
- self.basedn = lret[0][1][lattr][0]
+ # get IPA base DN
+ logging.debug("Search LDAP server for IPA base DN")
+ basedn = get_ipa_basedn(lh)
- logging.debug("Search for (info=*) in "+self.basedn+"(base)")
- lret = lh.search_s(self.basedn, ldap.SCOPE_BASE, "(info=IPA*)")
- if not lret:
+ if basedn is None:
return [NOT_IPA_SERVER]
- logging.debug("Found: "+str(lret))
- for lattr in lret[0][1]:
- if lattr.lower() == "info":
- linfo = lret[0][1][lattr][0].lower()
- break
-
- if not linfo or linfo.lower() != 'ipa v2.0':
- return [NOT_IPA_SERVER]
+ self.basedn = basedn
#search and return known realms
logging.debug("Search for (objectClass=krbRealmContainer) in "+self.basedn+"(sub)")
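Review bot: The explicit `info` comparison against `'ipa v2.0'` is removed, so whether a host counts as an IPA server is now decided entirely by `get_ipa_basedn(lh)`, whose body is not part of this diff; it is worth confirming that the helper applies an equivalent check to every naming context. The lookup still runs over the anonymous bind `lh.simple_bind_s("","")`, so the returned DN is unauthenticated server data unless TLS options set outside the hunk verify the server certificate. If the helper's contract is what the `None` test implies, a short comment would record it: `# get_ipa_basedn() returns None when no naming context identifies an IPA server`. `self.basedn` is now left untouched on the `NOT_IPA_SERVER` path, where the old code assigned the first naming context before checking it. The enclosing method and its exception handling start outside the hunk.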