authorRob Crittenden <rcritten@redhat.com>2008-02-15 20:47:29 -0500
committerRob Crittenden <rcritten@redhat.com>2008-02-15 20:47:29 -0500
commit80a4e94e5b102847786e5f5be0f0853df21bb4d9 (patch)
treeffe13961db94a4442960d0d425dc4e7e1140a9d1 /ipa-server/ipa-install
parentc47248c5d82cdd7a07d6c19586c2610ae6ae50be (diff)
Verify current domain with user during installation
Use that domain when creating replicas Resolves 432066
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r--ipa-server/ipa-install/ipa-replica-install7
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare47
-rw-r--r--ipa-server/ipa-install/ipa-server-install27
3 files changed, 66 insertions, 15 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install
index a723f4d84..1b88f4c53 100644
--- a/ipa-server/ipa-install/ipa-replica-install
+++ b/ipa-server/ipa-install/ipa-replica-install
@@ -70,6 +70,7 @@ def read_info(dir, rconfig):
rconfig.realm_name = config.get("realm", "realm_name")
rconfig.master_host_name = config.get("realm", "master_host_name")
rconfig.ds_user = config.get("realm", "ds_user")
+ rconfig.domain_name = config.get("realm", "domain_name")
def get_host_name():
hostname = installutils.get_fqdn()
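Review bot: The added `config.get("realm", "domain_name")` in read_info has no fallback, so a realm_info file produced by an ipa-replica-prepare that predates this change would presumably abort with a ConfigParser "no option" error rather than a readable message. The value also comes straight from the replica package and is later handed to the directory server, Kerberos and HTTP setup calls, so it is worth checking that it is present and shaped like a DNS domain before it is used. A guard such as `if not config.has_option("realm", "domain_name"):` followed by an explicit error asking for the replica file to be regenerated would make the failure clear. read_info starts above this hunk.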
@@ -98,13 +99,13 @@ def install_ds(config):
config.dir + "/pwdfile.txt")
ds = dsinstance.DsInstance()
- ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.dirman_password, pkcs12_info)
+ ds.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info)
def install_krb(config):
krb = krbinstance.KrbInstance()
ldappwd_filename = config.dir + "/ldappwd"
krb.create_replica(config.ds_user, config.realm_name, config.host_name,
- config.dirman_password, ldappwd_filename)
+ config.domain_name, config.dirman_password, ldappwd_filename)
def install_http(config):
# if we have a pkcs12 file, create the cert db from
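Review bot: `config.domain_name` is inserted positionally directly in front of `config.dirman_password` in both `ds.create_instance` and `krb.create_replica`, so any callee or caller still on the old argument order would shift the Directory Manager password into a different parameter without raising an error. The same pattern appears in the `http.create_instance` hunk below and in the ipa-server-install calls to `ds.create_instance`, `krb.create_instance`, `http.create_instance` and `bind.setup`. The instance-class signatures are not part of this diff section, so they need to be checked against these call sites. Passing the password and the new domain value by keyword at the call sites would turn a mismatch into an immediate TypeError instead of a silently misplaced secret.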
@@ -116,7 +117,7 @@ def install_http(config):
config.dir + "/pwdfile.txt")
http = httpinstance.HTTPInstance()
- http.create_instance(config.realm_name, config.host_name, False, pkcs12_info)
+ http.create_instance(config.realm_name, config.host_name, config.domain_name, False, pkcs12_info)
# Now copy the autoconfiguration files
try:
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index 14e57dde3..8761f6535 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -28,7 +28,8 @@ from optparse import OptionParser
import ipa.config
from ipa import ipautil
-from ipaserver import dsinstance, installutils, certs
+from ipaserver import dsinstance, installutils, certs, ipaldap
+import ldap
def usage():
print "ipa-replica-prepate FQDN (e.g. replica.example.com)"
@@ -56,8 +57,27 @@ def get_host_name():
return hostname
def get_realm_name():
- c = krbV.default_context()
- return c.default_realm
+ try:
+ c = krbV.default_context()
+ return c.default_realm
+ except Exception, e:
+ return None
+
+def get_domain_name():
+ try:
+ conn = ipaldap.IPAdmin("127.0.0.1")
+ conn.simple_bind_s("", "")
+
+ context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ])
+ conn.unbind()
+ except Exception, e:
+ return None
+
+ domain_name = context.getValue('namingContexts')
+ domain_name = domain_name.replace('dc=','')
+ domain_name = domain_name.replace(',','.')
+
+ return domain_name
def check_ipa_configuration(realm_name):
config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
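Review bot: get_domain_name trusts a single `namingContexts` value and converts it with two case-sensitive `replace` calls, so a server that exposes more than one suffix, or a suffix written as `DC=` or with a non-`dc` component, would yield a wrong domain that is then written into realm_info and reused on every replica. A check before the conversion, for example `if not domain_name.lower().startswith('dc='): return None`, would reject values that are not a plain dc-style suffix. Both new `except Exception, e: return None` blocks also discard the cause, which leaves the operator with only "Unable to determine ..." and no way to tell a missing Kerberos config from a refused LDAP connection; printing `e` before returning would fix that. `conn.unbind()` sits inside the `try`, so it is skipped when `getEntry` fails and the connection is left open.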
@@ -96,6 +116,9 @@ def export_certdb(realm_name, ds_dir, dir, fname, subject):
os.unlink(dir + "/cert8.db")
os.unlink(dir + "/key3.db")
os.unlink(dir + "/secmod.db")
+ os.unlink(dir + "/noise.txt")
+ if ipautil.file_exists(passwd_fname + ".orig"):
+ os.unlink(passwd_fname + ".orig")
def get_ds_user(ds_dir):
uid = os.stat(ds_dir).st_uid
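Review bot: The new `os.unlink(dir + "/noise.txt")` in export_certdb is unconditional, while the password-file copy removed right after it is guarded, so if noise.txt is absent the OSError would skip the removal of `passwd_fname + ".orig"`. Since this cleanup exists to keep key-generation noise and password material out of the directory that gets packaged for the replica, the password copy should be removed first, or both removals guarded the same way, e.g. `if ipautil.file_exists(dir + "/noise.txt"): os.unlink(dir + "/noise.txt")`. export_certdb starts above this hunk and `passwd_fname` is defined outside it, so whether noise.txt always exists at this point cannot be confirmed from here.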
@@ -103,12 +126,13 @@ def get_ds_user(ds_dir):
return user
-def save_config(dir, realm_name, host_name, ds_user):
+def save_config(dir, realm_name, host_name, ds_user, domain_name):
config = SafeConfigParser()
config.add_section("realm")
config.set("realm", "realm_name", realm_name)
config.set("realm", "master_host_name", host_name)
config.set("realm", "ds_user", ds_user)
+ config.set("realm", "domain_name", domain_name)
fd = open(dir + "/realm_info", "w")
config.write(fd)
@@ -128,9 +152,20 @@ def main():
replica_fqdn = args[1]
+ print "Determining current realm name"
realm_name = get_realm_name()
+ if realm_name is None:
+ print "Unable to determine default realm"
+ sys.exit(1)
+
check_ipa_configuration(realm_name)
+ print "Getting domain name from LDAP"
+ domain_name = get_domain_name()
+ if domain_name is None:
+ print "Unable to determine LDAP default domain"
+ sys.exit(1)
+
host_name = get_host_name()
ds_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
ds_user = get_ds_user(ds_dir)
@@ -148,7 +183,7 @@ def main():
print "Copying additional files"
copy_files(realm_name, dir)
print "Finalizing configuration"
- save_config(dir, realm_name, host_name, ds_user)
+ save_config(dir, realm_name, host_name, ds_user, domain_name)
print "Packaging the replica into %s" % "replica-info-" + replica_fqdn
ipautil.run(["/bin/tar", "cfz", "replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"])
@@ -159,7 +194,7 @@ try:
if not os.geteuid()==0:
sys.exit("\nYou must be root to run this script.\n")
if not ipautil.file_exists("/usr/share/ipa/serial"):
- sys.exist("The replica must be created on the primary IPA server.")
+ sys.exit("The replica must be created on the primary IPA server.")
main()
except SystemExit, e:
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index 3bc4b176b..aac4123c6 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -57,6 +57,8 @@ def parse_options():
help="ds user")
parser.add_option("-r", "--realm", dest="realm_name",
help="realm name")
+ parser.add_option("-n", "--domain", dest="domain_name",
+ help="domain name")
parser.add_option("-p", "--ds-password", dest="dm_password",
help="admin password")
parser.add_option("-P", "--master-password", dest="master_password",
@@ -206,6 +208,15 @@ def read_ds_user():
return ds_user
+def read_domain_name(domain_name):
+ print "The domain name has been calculated based on the host name."
+ print ""
+ dn = raw_input("Please confirm the domain name ["+domain_name+"]: ")
+ print ""
+ if dn != "":
+ domain_name = dn
+ return domain_name
+
def read_realm_name(domain_name):
print "The kerberos protocol requires a Realm name to be defined."
print "This is typically the domain name converted to uppercase."
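Review bot: read_domain_name accepts whatever the operator types and returns it unchanged, and that value is later passed to the directory server, Kerberos, HTTP and BIND setup calls. Stray whitespace, a trailing dot or characters that are not valid in a DNS name would therefore only surface as a failure partway through installation, or end up in generated configuration. Stripping the input with `dn = raw_input(...).strip()` and re-prompting when the result is not a syntactically valid domain name would keep bad values out of the later steps. A short docstring stating that the argument is the default offered to the user would also help, since the parameter and the return value share a name.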
@@ -357,8 +368,12 @@ def main():
host_name = host_default
else:
host_name = read_host_name(host_default)
-
- domain_name = host_name[host_name.find(".")+1:]
+
+ if not options.domain_name:
+ domain_name = host_name[host_name.find(".")+1:]
+ domain_name = read_domain_name(domain_name)
+ else:
+ realm_name = options.realm_name
# Check we have a public IP that is associated with the hostname
ip = resolve_host(host_name)
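Review bot: The new `else:` branch assigns `realm_name = options.realm_name`, so when `--domain` is given `domain_name` is never set and the later `ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)` call would fail on an unbound local. The line should read `domain_name = options.domain_name`. As written it also overwrites `realm_name` with the `--realm` option value, which may be unset when only `--domain` is passed. In addition, `read_domain_name` is called whenever the option is absent, with no check for unattended mode visible in this hunk, so an unattended install without `--domain` would block on `raw_input`. main() begins and continues outside this hunk.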
@@ -432,21 +447,21 @@ def main():
# Create a directory server instance
ds = ipaserver.dsinstance.DsInstance()
- ds.create_instance(ds_user, realm_name, host_name, dm_password)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
# Create a kerberos instance
krb = ipaserver.krbinstance.KrbInstance()
- krb.create_instance(ds_user, realm_name, host_name, dm_password, master_password)
+ krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
# Create a HTTP instance
http = ipaserver.httpinstance.HTTPInstance()
- http.create_instance(realm_name, host_name)
+ http.create_instance(realm_name, host_name, domain_name)
# Create a Web Gui instance
webgui = ipaserver.httpinstance.WebGuiInstance()
webgui.create_instance()
- bind.setup(host_name, ip_address, realm_name)
+ bind.setup(host_name, ip_address, realm_name, domain_name)
if options.setup_bind:
skipbind = False
if not options.unattended: