author | Simo Sorce <ssorce@redhat.com> | 2011-01-05 07:46:30 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-01-07 04:54:17 -0500 |
commit | 21bf175e0c10b087deb10b8e328a6a6bd549c0f9 (patch) | |
tree | 83c43dc5630268fce968fbecd15c754b60d98372 /ipaserver/install/bindinstance.py | |
parent | 56f000e9a9330598c5768aee0697c4423500a4fe (diff) | |
Allow ipa-dns-install to install with just admin credentials
Do this by creating a common way to attach to the ldap server for each
instance.
Fixes: https://fedorahosted.org/freeipa/ticket/686
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 4b52137bf..73deda096 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -217,7 +217,6 @@ class BindInstance(service.Service):
 service.Service.__init__(self, "named", dm_password=dm_password)
 self.dns_backup = DnsBackup(self)
 self.named_user = None
- self.fqdn = None
 self.domain = None
 self.host = None
 self.ip_address = None
@@ -270,6 +269,9 @@ class BindInstance(service.Service):
 except:
 pass
+ # get a connection to the DS
+ self.ldap_connect()
+
 if not dns_container_exists(self.fqdn, self.suffix):
 self.step("adding DNS container", self.__setup_dns_container)
 if not dns_zone_exists(self.domain):
@@ -384,30 +386,19 @@ class BindInstance(service.Service):
 # it can host the memberof attribute, then also add it to the
 # dnsserver role group, this way the DNS is allowed to perform
 # DNS Updates
- conn = None
-
- try:
- conn = ipaldap.IPAdmin("127.0.0.1")
- conn.simple_bind_s("cn=directory manager", self.dm_password)
- except Exception, e:
- logging.critical("Could not connect to the Directory Server on %s" % self.fqdn)
- raise e
-
 dns_group = "cn=dnsserver,cn=privileges,cn=pbac,%s" % self.suffix
 if isinstance(dns_principal, unicode):
 dns_principal = dns_principal.encode('utf-8')
 mod = [(ldap.MOD_ADD, 'member', dns_principal)]
 try:
- conn.modify_s(dns_group, mod)
+ self.admin_conn.modify_s(dns_group, mod)
 except ldap.TYPE_OR_VALUE_EXISTS:
 pass
 except Exception, e:
 logging.critical("Could not modify principal's %s entry" % dns_principal)
 raise e
- conn.unbind()
-
 def __setup_named_conf(self):
 self.fstore.backup_file('/etc/named.conf')
 named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict) |
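Review bot: The comment on the added `self.ldap_connect()` call in the second hunk does not say which identity the connection binds as, and that identity is what decides whether the later write to the `cn=dnsserver` privilege group is authorised. The removed code bound explicitly as `cn=directory manager`; the replacement lives in the base class outside this diff, so the bind rule should be stated here, for example `# get a connection to the DS; ldap_connect() chooses the bind identity (DM password or the caller's admin credentials)`, adjusted to what the base class actually does. The enclosing method starts and ends outside the hunk, and no replacement for the removed `conn.unbind()` is visible, so it would also help to note who releases the shared connection.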
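Review bot: In the third hunk `self.admin_conn.modify_s(dns_group, mod)` silently depends on `ldap_connect()` having been called earlier, and nothing in the visible part of this method checks that. If the method is reached by another path, the resulting error falls into the generic `except Exception` branch and is logged as "Could not modify principal's ... entry", which hides the real cause; a guard such as `if not getattr(self, 'admin_conn', None): self.ldap_connect()` before the `try:` would make the precondition explicit. Because the bind may no longer be as Directory Manager, an access-denied result is now a realistic outcome and deserves its own branch, e.g. `except ldap.INSUFFICIENT_ACCESS:` with a message naming the missing privilege, rather than the catch-all. The method's signature and start are outside the hunk.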