Add external domain extop DS plugin

This extop can be used by clients of the IPA domain, e.g. sssd, to
retrieve data from trusted external domains. It can be used e.g. to map
Windows SIDs to user or groups names and back.

1 files changed, 13 insertions, 1 deletions

diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 4d417c8d1..602a36201 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -223,6 +223,12 @@ class ADTRUSTInstance(service.Service):
         except:
             pass
 
+    def __add_extdom_module(self):
+        try:
+            self._ldap_mod("ipa-extdom-extop-conf.ldif", self.sub_dict)
+        except:
+            pass
+
     def __write_smb_registry(self):
         template = os.path.join(ipautil.SHARE_DIR, "smb.conf.template")
         conf = ipautil.template_file(template, self.sub_dict)
@@ -380,7 +386,12 @@ class ADTRUSTInstance(service.Service):
                              self.suffix)
         except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e:
             root_logger.info("ADTRUST Service startup entry already exists.")
-            pass
+
+        try:
+            self.ldap_enable('EXTID', self.fqdn, self.dm_password, \
+                             self.suffix)
+        except (ldap.ALREADY_EXISTS, errors.DuplicateEntry), e:
+            root_logger.info("EXTID Service startup entry already exists.")
 
     def __setup_sub_dict(self):
         self.sub_dict = dict(REALM = self.realm_name,
@@ -430,6 +441,7 @@ class ADTRUSTInstance(service.Service):
         self.step("adding cifs Kerberos principal", self.__setup_principal)
         self.step("adding admin(group) SIDs", self.__add_admin_sids)
         self.step("activating CLDAP plugin", self.__add_cldap_module)
+        self.step("activating extdom plugin", self.__add_extdom_module)
         self.step("configuring smbd to start on boot", self.__enable)
         if not self.no_msdcs:
             self.step("adding special DNS service records", \