authorJr Aquino <jr.aquino@citrix.com>2011-02-23 11:37:07 -0800
committerRob Crittenden <rcritten@redhat.com>2011-02-23 15:32:24 -0500
commit1770750b8adad6d9f2d98c0c9debc54d61f341cf (patch)
tree1643d76b32080976114f495b486928c84afae63b /ipaserver/install/dsinstance.py
parent523eaa9749a37f8a5b6f62136567629193adade7 (diff)
Create default disabled sudo bind user
Read access is denied to the sudo container for unauthenticated users. This shared user can be used to provide authenticated access to the sudo information. https://fedorahosted.org/freeipa/ticket/998
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2544e16..bf631a6 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -249,6 +249,7 @@ class DsInstance(service.Service):
self.step("adding replication acis", self.__add_replication_acis)
self.step("configuring user private groups", self.__user_private_groups)
self.step("configuring netgroups from hostgroups", self.__host_nis_groups)
+ self.step("creating default SUDO bind user", self.__add_sudo_binduser)
if hbac_allow:
self.step("creating default HBAC rule allow_all", self.add_hbac)
@@ -311,6 +312,7 @@ class DsInstance(service.Service):
server_root = find_server_root()
self.sub_dict = dict(FQHN=self.fqdn, SERVERID=self.serverid,
PASSWORD=self.dm_password,
+ RANDOM_PASSWORD=self.generate_random(),
SUFFIX=self.suffix.lower(),
REALM=self.realm_name, USER=DS_USER,
SERVER_ROOT=server_root, DOMAIN=self.domain,
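Review bot: `RANDOM_PASSWORD` is placed in the shared `self.sub_dict`, which is also handed to unrelated templates such as `enrollment-conf.ldif`, so the bind user's secret sits next to `PASSWORD` for every later `_ldap_mod` call and for anything that might dump the dict. Only `sudobind.ldif` needs the value, so it would be tighter to build it at the point of use in `__add_sudo_binduser` (last hunk), e.g. `sub = dict(self.sub_dict, RANDOM_PASSWORD=ipautil.ipa_generate_password())` followed by `self._ldap_mod("sudobind.ldif", sub)`. That would also make the `generate_random` wrapper in the third hunk unnecessary. The function that builds `sub_dict` starts and ends outside this hunk, so it is not visible here whether it can run more than once and yield a different value each time.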
@@ -475,6 +477,9 @@ class DsInstance(service.Service):
def __add_enrollment_module(self):
self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
+ def generate_random(self):
+ return ipautil.ipa_generate_password()
+
def __enable_ssl(self):
dirname = config_dirname(self.serverid)
dsdb = certs.CertDB(self.realm_name, nssdir=dirname, subject_base=self.subject_base)
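Review bot: `generate_random` is added as a public method whose name does not say that it returns a password, while the neighbouring helpers are name-mangled privates (`__add_enrollment_module`, `__enable_ssl`). Since it only forwards to `ipautil.ipa_generate_password()`, either call that helper directly or rename the method to something like `__generate_bind_password` and give it a docstring such as `"""Return a random password from ipautil.ipa_generate_password()."""`. The strength of the generated value depends entirely on that helper, which is not part of this diff.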
@@ -735,6 +740,9 @@ class DsInstance(service.Service):
def __root_autobind(self):
self._ldap_mod("root-autobind.ldif")
+ def __add_sudo_binduser(self):
+ self._ldap_mod("sudobind.ldif", self.sub_dict)
+
def replica_populate(self):
self.ldap_connect()
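Review bot: `__add_sudo_binduser` has no docstring, and nothing in it records that the password substituted into `sudobind.ldif` is never stored or shown to the administrator. Going by the commit title, the account is meant to stay disabled until someone sets a real password, so state that on the method, for example `"""Create the shared sudo bind user from sudobind.ldif with a throwaway random password; an admin must set a new password before the account can be used."""`. The disabled state and the access rules for the entry live in the LDIF template, which is outside this file's diff and should be reviewed alongside it.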