authorRob Crittenden <rcritten@redhat.com>2010-05-04 15:24:54 -0400
committerRob Crittenden <rcritten@redhat.com>2010-05-05 14:57:58 -0400
commit92e350ca0a1fda0dc9fe6e073dd7afe19a62d9ec (patch)
tree84bb163a6a1dde36f43900f5805ffb87e518dc3c /ipaserver/install/dsinstance.py
parenta3d1b1755965c73a758acb1ec4992bf2428fa37b (diff)
Create default HBAC rule allowing any user to access any host from any host
This is to make initial installation and testing easier. Use the --no_hbac_allow option on the command-line to disable this when doing an install. To remove it from a running server do: ipa hbac-del allow_all
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 3987f08ee..d6dbb80bc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -38,7 +38,7 @@ from ldap.dn import escape_dn_chars
from ipaserver import ipaldap
from ipaserver.install import ldapupdate
from ipaserver.install import httpinstance
-from ipalib import util
+from ipalib import util, uuid
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
@@ -157,7 +157,7 @@ class DsInstance(service.Service):
else:
self.suffix = None
- def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100, subject_base=None):
+ def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100, subject_base=None, hbac_allow=True):
self.ds_user = ds_user
self.realm_name = realm_name.upper()
self.serverid = realm_to_serverid(self.realm_name)
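Review bot: The new `hbac_allow=True` default in the `create_instance` signature makes the permissive rule opt-out, and nothing at the signature tells a caller that omitting the argument lets any user access any host from any host. Callers outside this file are not visible in this file-limited diff, so any that are not updated to pass the flag would get the rule without asking for it. A comment above the `def` would make the access-control effect explicit: `# hbac_allow: add the allow_all HBAC rule (any user, any host, from any host); pass False when site-specific rules will be defined`. The body of create_instance continues outside the hunk.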
@@ -194,6 +194,8 @@ class DsInstance(service.Service):
self.__add_master_entry_first_master)
self.step("initializing group membership",
self.init_memberof)
+ if hbac_allow:
+ self.step("creating default HBAC rule allow_all", self.add_hbac)
self.step("configuring directory to start on boot", self.__enable)
@@ -411,6 +413,11 @@ class DsInstance(service.Service):
def __enable_ldapi(self):
self._ldap_mod("ldapi.ldif", self.sub_dict)
+ def add_hbac(self):
+ self.sub_dict['UUID'] = str(uuid.uuid1())
+ self._ldap_mod("default-hbac.ldif", self.sub_dict)
+ del self.sub_dict['UUID']
+
def change_admin_password(self, password):
logging.debug("Changing admin password")
dirname = config_dirname(self.serverid)
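Review bot: `add_hbac` leaves the temporary `UUID` key in the shared `self.sub_dict` if `_ldap_mod` raises, because the `del` is not in a `finally`; whether `_ldap_mod` can raise is not visible in this hunk. Assuming `sub_dict` is a plain dict, passing a copy avoids the mutation altogether: `self._ldap_mod("default-hbac.ldif", dict(self.sub_dict, UUID=str(uuid.uuid1())))`. Separately, a version-1 UUID encodes the generating host's node id (normally a MAC address) and a timestamp, and this value is substituted into a directory entry; if the bundled `ipalib.uuid` offers `uuid4()`, a random UUID would avoid exposing that. The method would also benefit from a one-line docstring stating that it creates the allow_all rule from default-hbac.ldif.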