author | Rob Crittenden <rcritten@redhat.com> | 2008-02-15 20:47:29 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-02-15 20:47:29 -0500 |
commit | 80a4e94e5b102847786e5f5be0f0853df21bb4d9 (patch) | |
tree | ffe13961db94a4442960d0d425dc4e7e1140a9d1 /ipa-server/ipa-install | |
parent | c47248c5d82cdd7a07d6c19586c2610ae6ae50be (diff) | |
Verify current domain with user during installation
Use that domain when creating replicas
Resolves 432066
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-install | 7 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 47 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 27 |
3 files changed, 66 insertions, 15 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install index a723f4d84..1b88f4c53 100644 --- a/ipa-server/ipa-install/ipa-replica-install +++ b/ipa-server/ipa-install/ipa-replica-install @@ -70,6 +70,7 @@ def read_info(dir, rconfig): rconfig.realm_name = config.get("realm", "realm_name") rconfig.master_host_name = config.get("realm", "master_host_name") rconfig.ds_user = config.get("realm", "ds_user") + rconfig.domain_name = config.get("realm", "domain_name") def get_host_name(): hostname = installutils.get_fqdn() @@ -98,13 +99,13 @@ def install_ds(config): config.dir + "/pwdfile.txt") ds = dsinstance.DsInstance() - ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.dirman_password, pkcs12_info) + ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info) def install_krb(config): krb = krbinstance.KrbInstance() ldappwd_filename = config.dir + "/ldappwd" krb.create_replica(config.ds_user, config.realm_name, config.host_name, - config.dirman_password, ldappwd_filename) + config.domain_name, config.dirman_password, ldappwd_filename) def install_http(config): # if we have a pkcs12 file, create the cert db from @@ -116,7 +117,7 @@ def install_http(config): config.dir + "/pwdfile.txt") http = httpinstance.HTTPInstance() - http.create_instance(config.realm_name, config.host_name, False, pkcs12_info) + http.create_instance(config.realm_name, config.host_name, config.domain_name, False, pkcs12_info) # Now copy the autoconfiguration files try: diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 14e57dde3..8761f6535 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare 
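Review bot: The added `rconfig.domain_name = config.get("realm", "domain_name")` in read_info has no fallback, so a replica-info file written by an ipa-replica-prepare that predates this commit fails with a ConfigParser NoOptionError instead of a readable message. The value comes from a file copied over from the master and is passed unchecked to the create_instance and create_replica calls in the later hunks. Test for it first with `if not config.has_option("realm", "domain_name"):` and exit with a message telling the admin to regenerate the replica file. read_info begins above the hunk, so how config is loaded is not visible here.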
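Review bot: `config.domain_name` is inserted as a positional argument directly in front of `config.dirman_password` in the `ds.create_instance(...)` and `krb.create_replica(...)` calls, so a caller or callee that is out of step by one position would put the Directory Manager password in the domain-name slot. Whether that fails loudly depends on the callee signatures, which are not on this page; if a trailing parameter such as pkcs12_info has a default, a stale call could bind without error and the password could end up in generated configuration. Passing the sensitive arguments by keyword, using the parameter names the callees actually declare, would turn any mismatch into an immediate TypeError. The same pattern appears in the install_http hunk and in the create_instance and `bind.setup(...)` calls in ipa-server-install.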
@@ -28,7 +28,8 @@ from optparse import OptionParser import ipa.config from ipa import ipautil -from ipaserver import dsinstance, installutils, certs +from ipaserver import dsinstance, installutils, certs, ipaldap +import ldap def usage(): print "ipa-replica-prepate FQDN (e.g. replica.example.com)" @@ -56,8 +57,27 @@ def get_host_name(): return hostname def get_realm_name(): - c = krbV.default_context() - return c.default_realm + try: + c = krbV.default_context() + return c.default_realm + except Exception, e: + return None + +def get_domain_name(): + try: + conn = ipaldap.IPAdmin("127.0.0.1") + conn.simple_bind_s("", "") + + context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ]) + conn.unbind() + except Exception, e: + return None + + domain_name = context.getValue('namingContexts') + domain_name = domain_name.replace('dc=','') + domain_name = domain_name.replace(',','.') + + return domain_name def check_ipa_configuration(realm_name): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) @@ -96,6 +116,9 @@ def export_certdb(realm_name, ds_dir, dir, fname, subject): os.unlink(dir + "/cert8.db") os.unlink(dir + "/key3.db") os.unlink(dir + "/secmod.db") + os.unlink(dir + "/noise.txt") + if ipautil.file_exists(passwd_fname + ".orig"): + os.unlink(passwd_fname + ".orig") def get_ds_user(ds_dir): uid = os.stat(ds_dir).st_uid @@ -103,12 +126,13 @@ def get_ds_user(ds_dir): return user -def save_config(dir, realm_name, host_name, ds_user): +def save_config(dir, realm_name, host_name, ds_user, domain_name): config = SafeConfigParser() config.add_section("realm") config.set("realm", "realm_name", realm_name) config.set("realm", "master_host_name", host_name) config.set("realm", "ds_user", ds_user) + config.set("realm", "domain_name", domain_name) fd = open(dir + "/realm_info", "w") config.write(fd) 
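Review bot: get_domain_name takes a single `namingContexts` value from an anonymous bind and rewrites it with two `replace` calls, so a server exposing more than one suffix, or a suffix that is not purely `dc=` components, produces a wrong domain. That domain is written into realm_info with no confirmation step. `context.getValue('namingContexts')` sits outside the try, so a missing attribute raises instead of returning None, and `conn.unbind()` is skipped when getEntry fails. The `except Exception, e: return None` also discards the reason, leaving the operator with only "Unable to determine LDAP default domain". Split the suffix with `ldap.explode_dn(...)`, return None unless every component satisfies `rdn.lower().startswith('dc=')`, and print `e` before returning.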
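Review bot: The new `os.unlink(dir + "/noise.txt")` in export_certdb is unguarded and runs before the `passwd_fname + ".orig"` removal, so if the noise file is absent the OSError skips the remaining cleanup. passwd_fname is defined outside the hunk, but the name suggests the `.orig` file is a copy of the certificate database password file, which would then stay behind in the export directory. Guard it the same way as the line below, `if ipautil.file_exists(dir + "/noise.txt"): os.unlink(dir + "/noise.txt")`, or remove the password copy first. The function body starts above the hunk.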
@@ -128,9 +152,20 @@ def main(): replica_fqdn = args[1] + print "Determining current realm name" realm_name = get_realm_name() + if realm_name is None: + print "Unable to determine default realm" + sys.exit(1) + check_ipa_configuration(realm_name) + print "Getting domain name from LDAP" + domain_name = get_domain_name() + if domain_name is None: + print "Unable to determine LDAP default domain" + sys.exit(1) + host_name = get_host_name() ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) ds_user = get_ds_user(ds_dir) @@ -148,7 +183,7 @@ def main(): print "Copying additional files" copy_files(realm_name, dir) print "Finalizing configuration" - save_config(dir, realm_name, host_name, ds_user) + save_config(dir, realm_name, host_name, ds_user, domain_name) print "Packaging the replica into %s" % "replica-info-" + replica_fqdn ipautil.run(["/bin/tar", "cfz", "replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"]) @@ -159,7 +194,7 @@ try: if not os.geteuid()==0: sys.exit("\nYou must be root to run this script.\n") if not ipautil.file_exists("/usr/share/ipa/serial"): - sys.exist("The replica must be created on the primary IPA server.") + sys.exit("The replica must be created on the primary IPA server.") main() except SystemExit, e: diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index 3bc4b176b..aac4123c6 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -57,6 +57,8 @@ def parse_options(): help="ds user") parser.add_option("-r", "--realm", dest="realm_name", help="realm name") + parser.add_option("-n", "--domain", dest="domain_name", + help="domain name") parser.add_option("-p", "--ds-password", dest="dm_password", help="admin password") parser.add_option("-P", "--master-password", dest="master_password", 
@@ -206,6 +208,15 @@ def read_ds_user(): return ds_user +def read_domain_name(domain_name): + print "The domain name has been calculated based on the host name." + print "" + dn = raw_input("Please confirm the domain name ["+domain_name+"]: ") + print "" + if dn != "": + domain_name = dn + return domain_name + def read_realm_name(domain_name): print "The kerberos protocol requires a Realm name to be defined." print "This is typically the domain name converted to uppercase." @@ -357,8 +368,12 @@ def main(): host_name = host_default else: host_name = read_host_name(host_default) - - domain_name = host_name[host_name.find(".")+1:] + + if not options.domain_name: + domain_name = host_name[host_name.find(".")+1:] + domain_name = read_domain_name(domain_name) + else: + realm_name = options.realm_name # Check we have a public IP that is associated with the hostname ip = resolve_host(host_name) @@ -432,21 +447,21 @@ def main(): # Create a directory server instance ds = ipaserver.dsinstance.DsInstance() - ds.create_instance(ds_user, realm_name, host_name, dm_password) + ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password) # Create a kerberos instance krb = ipaserver.krbinstance.KrbInstance() - krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password) + krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password) # Create a HTTP instance http = ipaserver.httpinstance.HTTPInstance() - http.create_instance(realm_name, host_name) + http.create_instance(realm_name, host_name, domain_name) # Create a Web Gui instance webgui = ipaserver.httpinstance.WebGuiInstance() webgui.create_instance() - bind.setup(host_name, ip_address, realm_name) + bind.setup(host_name, ip_address, realm_name, domain_name) if options.setup_bind: skipbind = False if not options.unattended: |
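Review bot: read_domain_name returns whatever is typed at the prompt with no validation, and the result is passed on to the directory server, Kerberos, HTTP and bind setup calls at the end of main. A stray space, a trailing dot or an empty label would be accepted here and only surface later as a broken suffix or zone. Strip the input with `dn = dn.strip()` and re-prompt unless it is a dot-separated list of non-empty labels. A short docstring stating that the argument is the default offered to the user would also help, since read_realm_name below takes the same parameter name for a different purpose.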
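Review bot: The else branch of the new `if not options.domain_name:` block assigns `realm_name = options.realm_name` where `domain_name = options.domain_name` is needed. Running with -n/--domain therefore leaves domain_name unbound, and the first later use of it, such as `ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)`, raises NameError. The same line may also overwrite realm_name with None when -r was not given; the realm handling is outside the hunk, so that part is inferred. Separately, the prompt is not gated on `options.unattended`, so an unattended install without --domain would block on raw_input. Change the branch to `domain_name = options.domain_name` and call read_domain_name only when not unattended.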