authorPetr Vobornik <pvoborni@redhat.com>2014-10-13 14:59:24 +0200
committerTomas Babej <tbabej@redhat.com>2014-11-11 10:56:16 +0100
commit61d98bdc5988b3b13d6cf21139bfef32ea1b0fc9 (patch)
tree35a3661abd5ec636956655d8fc17cad662a87756 /ipaserver
parentfeea9047be19acda394b65688dcc41dd064421b8 (diff)
ldapupdater: set baserid to 0 for ipa-ad-trust-posix ranges
New updater plugin which sets baserid to 0 for ranges with type ipa-ad-trust-posix https://fedorahosted.org/freeipa/ticket/4221 Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/plugins/update_idranges.py69
1 files changed, 68 insertions, 1 deletions
diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py
index 9e97c9f74..1aa5fa763 100644
--- a/ipaserver/install/plugins/update_idranges.py
+++ b/ipaserver/install/plugins/update_idranges.py
@@ -17,7 +17,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ipaserver.install.plugins import MIDDLE
+from ipaserver.install.plugins import MIDDLE, LAST
from ipaserver.install.plugins.baseupdate import PostUpdate
from ipalib import api, errors
from ipapython.dn import DN
@@ -111,4 +111,71 @@ class update_idrange_type(PostUpdate):
return (False, False, [])
+
+class update_idrange_baserid(PostUpdate):
+ """
+ Update ipa-ad-trust-posix ranges' base RID to 0. This applies to AD trust
+ posix ranges prior to IPA 4.1.
+ """
+
+ order = LAST
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+
+ base_dn = DN(api.env.container_ranges, api.env.basedn)
+ search_filter = ("(&(objectClass=ipaTrustedADDomainRange)"
+ "(ipaRangeType=ipa-ad-trust-posix)"
+ "(!(ipaBaseRID=0)))")
+ root_logger.debug(
+ "update_idrange_baserid: search for ipa-ad-trust-posix ID ranges "
+ "with ipaBaseRID != 0"
+ )
+
+ try:
+ (entries, truncated) = ldap.find_entries(
+ search_filter, ['ipabaserid'], base_dn,
+ paged_search=True, time_limit=0, size_limit=0)
+
+ except errors.NotFound:
+ root_logger.debug("update_idrange_baserid: no AD domain "
+ "range with posix attributes found")
+ return (False, False, [])
+
+ except errors.ExecutionError, e:
+ root_logger.error("update_idrange_baserid: cannot retrieve "
+ "list of affected ranges: %s", e)
+ return (False, False, [])
+
+ root_logger.debug("update_idrange_baserid: found %d "
+ "idranges possible to update",
+ len(entries))
+
+ error = False
+
+ # Set the range type
+ for entry in entries:
+ entry['ipabaserid'] = 0
+ try:
+ root_logger.info("Updating existing idrange: %s" % (entry.dn))
+ ldap.update_entry(entry)
+ root_logger.info("Done")
+ except (errors.EmptyModlist, errors.NotFound):
+ pass
+ except errors.ExecutionError, e:
+ root_logger.debug("update_idrange_type: cannot "
+ "update idrange: %s", e)
+ error = True
+
+ if error:
+ root_logger.error("update_idrange_baserid: error(s) "
+ "detected during idrange baserid update")
+ else:
+ # All affected entries updated, exit the loop
+ root_logger.debug("update_idrange_baserid: all affected "
+ "idranges updated")
+
+ return (False, False, [])
+
api.register(update_idrange_type)
+api.register(update_idrange_baserid)