authorSimo Sorce <ssorce@redhat.com>2011-01-05 07:46:30 -0500
committerSimo Sorce <ssorce@redhat.com>2011-01-07 04:54:17 -0500
commit21bf175e0c10b087deb10b8e328a6a6bd549c0f9 (patch)
tree83c43dc5630268fce968fbecd15c754b60d98372 /ipaserver/install/bindinstance.py
parent56f000e9a9330598c5768aee0697c4423500a4fe (diff)
Allow ipa-dns-install to install with just admin credentials
Do this by creating a common way to attach to the ldap server for each instance. Fixes: https://fedorahosted.org/freeipa/ticket/686
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r--ipaserver/install/bindinstance.py17
1 files changed, 4 insertions, 13 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 4b52137bf..73deda096 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -217,7 +217,6 @@ class BindInstance(service.Service):
service.Service.__init__(self, "named", dm_password=dm_password)
self.dns_backup = DnsBackup(self)
self.named_user = None
- self.fqdn = None
self.domain = None
self.host = None
self.ip_address = None
@@ -270,6 +269,9 @@ class BindInstance(service.Service):
except:
pass
+ # get a connection to the DS
+ self.ldap_connect()
+
if not dns_container_exists(self.fqdn, self.suffix):
self.step("adding DNS container", self.__setup_dns_container)
if not dns_zone_exists(self.domain):
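Review bot: The added `self.ldap_connect()` call has no error handling or logging of its own, whereas the bind it replaces (removed further down in this commit) logged `Could not connect to the Directory Server on ...` before re-raising. ldap_connect() is defined outside this file, so whether it reports a failed bind is not visible here; if it does not, a failed bind during ipa-dns-install would surface as a bare traceback, and I would wrap the call to log the failure before re-raising. The comment could also state what the later steps rely on, e.g. `# Bind to the DS once; later steps reuse self.admin_conn`. The enclosing method starts and ends outside the hunk.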
@@ -384,30 +386,19 @@ class BindInstance(service.Service):
# it can host the memberof attribute, then also add it to the
# dnsserver role group, this way the DNS is allowed to perform
# DNS Updates
- conn = None
-
- try:
- conn = ipaldap.IPAdmin("127.0.0.1")
- conn.simple_bind_s("cn=directory manager", self.dm_password)
- except Exception, e:
- logging.critical("Could not connect to the Directory Server on %s" % self.fqdn)
- raise e
-
dns_group = "cn=dnsserver,cn=privileges,cn=pbac,%s" % self.suffix
if isinstance(dns_principal, unicode):
dns_principal = dns_principal.encode('utf-8')
mod = [(ldap.MOD_ADD, 'member', dns_principal)]
try:
- conn.modify_s(dns_group, mod)
+ self.admin_conn.modify_s(dns_group, mod)
except ldap.TYPE_OR_VALUE_EXISTS:
pass
except Exception, e:
logging.critical("Could not modify principal's %s entry" % dns_principal)
raise e
- conn.unbind()
-
def __setup_named_conf(self):
self.fstore.backup_file('/etc/named.conf')
named_txt = ipautil.template_file(ipautil.SHARE_DIR + "bind.named.conf.template", self.sub_dict)
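Review bot: `self.admin_conn.modify_s(dns_group, mod)` assumes a connection already opened by `self.ldap_connect()` in another method, and this hunk drops `conn.unbind()` with no replacement, so the authenticated bind now lives as long as the instance unless the base class closes it, which is not visible here. A comment on this method should state that precondition, e.g. `# requires self.ldap_connect() to have been called; self.admin_conn is shared and not closed here`. Since the bind may now use admin rather than Directory Manager credentials (inferred from the commit title), the write to the `cn=dnsserver` privilege group can be refused for lack of access, and the existing message `Could not modify principal's %s entry` names the principal rather than the group being modified. In the surrounding `except Exception, e:` handler a bare `raise` would keep the original traceback, which `raise e` discards. The method begins before the hunk.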