author | Martin Kosek <mkosek@redhat.com> | 2014-08-01 16:34:33 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-08-07 11:12:04 +0200 |
commit | 7caed6ecfb17050796c11fa9718aa8fb1464655d (patch) | |
tree | c2ab219fdfa15e9d6845ad32f6c9598a1f4cd054 /ipaserver | |
parent | 34de95545d0a09de2f1acc6987edc27feb762c1b (diff) | |
ipa-adtrust-install does not re-add member in adtrust agents group
When a CIFS service exists and adtrust agents group does not
have it as a member attribute (for whatever reason), re-running
ipa-adtrust-install does not fix the inconsistency.
Make the installer more robust by being able to fix the inconsistency.
https://fedorahosted.org/freeipa/ticket/4464
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrustinstance.py | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 7cfc5e886..38b080131 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -497,28 +497,31 @@ class ADTRUSTInstance(service.Service):
 def __setup_principal(self):
 try:
 api.Command.service_add(unicode(self.cifs_principal))
- # Add the principal to the 'adtrust agents' group
- # as 389-ds only operates with GroupOfNames, we have to use
- # the principal's proper dn as defined in self.cifs_agent
- try:
- current = self.admin_conn.get_entry(self.smb_dn)
- members = current.get('member', [])
- if not(self.cifs_agent in members):
- current["member"] = members + [self.cifs_agent]
- self.admin_conn.update_entry(current)
- except errors.NotFound:
- entry = self.admin_conn.make_entry(
- self.smb_dn,
- objectclass=["top", "GroupOfNames"],
- cn=[self.smb_dn['cn']],
- member=[self.cifs_agent],
- )
- self.admin_conn.add_entry(entry)
- except Exception:
+ except errors.DuplicateEntry:
 # CIFS principal already exists, it is not the first time
 # adtrustinstance is managed
 # That's fine, we we'll re-extract the key again.
 pass
+ except Exception, e:
+ self.print_msg("Cannot add CIFS service: %s" % e)
+
+ # Add the principal to the 'adtrust agents' group
+ # as 389-ds only operates with GroupOfNames, we have to use
+ # the principal's proper dn as defined in self.cifs_agent
+ try:
+ current = self.admin_conn.get_entry(self.smb_dn)
+ members = current.get('member', [])
+ if not(self.cifs_agent in members):
+ current["member"] = members + [self.cifs_agent]
+ self.admin_conn.update_entry(current)
+ except errors.NotFound:
+ entry = self.admin_conn.make_entry(
+ self.smb_dn,
+ objectclass=["top", "GroupOfNames"],
+ cn=[self.smb_dn['cn']],
+ member=[self.cifs_agent],
+ )
+ self.admin_conn.add_entry(entry)
 self.clean_samba_keytab() |
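Review bot: The new `except Exception, e:` branch only prints "Cannot add CIFS service" and then falls through, so the group update below it still adds `self.cifs_agent` to the 'adtrust agents' group even when the service entry was never created. That would leave a member DN in a privileged group that points at no entry, and the later keytab steps would run against a principal that may not exist. Consider stopping at that point, for example with a bare `raise` after the `print_msg` call, so a failure other than `errors.DuplicateEntry` aborts the step instead of being reported only as a message. Indentation is lost in this view, so the placement of the group block outside the first `try` is inferred from the commit description; `__setup_principal` also continues past the end of the hunk.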