-rw-r--r-- | install/share/Makefile.am | 1 | ||||
-rw-r--r-- | install/share/root-autobind.ldif | 24 | ||||
-rwxr-xr-x | install/tools/ipactl | 5 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 5 |
4 files changed, 34 insertions, 1 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 0fb5c8961..4527a922c 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -47,6 +47,7 @@ app_DATA = \
 uuid-ipauniqueid.ldif \
 modrdn-krbprinc.ldif \
 entryusn.ldif \
+ root-autobind.ldif \
 $(NULL)
 EXTRA_DIST = \
diff --git a/install/share/root-autobind.ldif b/install/share/root-autobind.ldif
new file mode 100644
index 000000000..e7bbc8dbe
--- /dev/null
+++ b/install/share/root-autobind.ldif
@@ -0,0 +1,24 @@
+# root-autobind, config
+dn: cn=root-autobind,cn=config
+changetype: add
+objectClass: extensibleObject
+objectClass: top
+cn: root-autobind
+uidNumber: 0
+gidNumber: 0
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-ldapiautobind
+nsslapd-ldapiautobind: on
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-ldapimaptoentries
+nsslapd-ldapimaptoentries: on
+
+dn: cn=config
+changetype: modify
+replace: nsslapd-ldapientrysearchbase
+nsslapd-ldapientrysearchbase: cn=config
+
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 0254a2762..fc652c975 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -26,6 +26,7 @@ try:
 from ipalib import api, errors
 import logging
 import ldap
+ import ldap.sasl
 import socket
 except ImportError:
 print >> sys.stderr, """\
@@ -36,6 +37,8 @@ error was:
 """ % sys.exc_value
 sys.exit(1)
+SASL_EXTERNAL = ldap.sasl.sasl({}, 'EXTERNAL')
+
 def parse_options():
 usage = "%prog start|stop|restart|status\n"
 parser = config.IPAOptionParser(usage=usage,
@@ -60,7 +63,7 @@ def get_config():
 try:
 con = ldap.initialize(api.env.ldap_uri)
- con.simple_bind()
+ con.sasl_interactive_bind_s('', SASL_EXTERNAL)
 res = con.search_st(base,
 ldap.SCOPE_SUBTREE,
 filterstr=srcfilter,
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 859d5c8ff..378e01234 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
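Review bot: The `# root-autobind, config` header in install/share/root-autobind.ldif does not say what the entry is for or what it trusts. With `nsslapd-ldapiautobind` and `nsslapd-ldapimaptoentries` switched on, a local process that connects over the LDAPI socket as uid 0 / gid 0 is bound as `cn=root-autobind,cn=config` without a password, so the socket's filesystem permissions and the ACIs that apply to that DN become the access boundary; neither is visible in this diff. I would extend the comment to something like `# Maps local uid 0/gid 0 on LDAPI (SASL EXTERNAL) to this entry; its rights come only from ACIs naming this DN, keep them minimal`. The three `replace` operations also overwrite any value an administrator had already set for these cn=config attributes, and `nsslapd-ldapientrysearchbase: cn=config` appears to make every entry under cn=config that carries uidNumber/gidNumber a mapping candidate, which is worth stating in the same comment.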
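Review bot: In get_config() of install/tools/ipactl, `con.sasl_interactive_bind_s('', SASL_EXTERNAL)` reaches the root-autobind identity only when `api.env.ldap_uri` is an ldapi:// URI, the caller is uid 0, and the server already has root-autobind.ldif applied. This diff applies that LDIF only as an install step in dsinstance.py, so servers installed before this change would presumably lack the mapping. Unlike the old `con.simple_bind()`, whose result was never checked, the new call is synchronous and raises on failure. The `try:` body continues outside the hunk, so the handler is not visible; please confirm it catches `ldap.LDAPError` from the bind and reports the failed precondition instead of a traceback, and consider shipping the LDIF through the update path for existing installations.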
@@ -207,6 +207,7 @@ class DsInstance(service.Service):
 self.step("creating indices", self.__create_indices)
 self.step("configuring ssl for ds instance", self.__enable_ssl)
 self.step("configuring certmap.conf", self.__certmap_conf)
+ self.step("configure autobind for root", self.__root_autobind)
 self.step("restarting directory server", self.__restart_instance)
 def __common_post_setup(self):
@@ -728,3 +729,7 @@ class DsInstance(service.Service):
 def __tuning(self):
 self.tune_nofile(8192)
+
+ def __root_autobind(self):
+ self._ldap_mod("root-autobind.ldif")
+ |
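Review bot: The new step label `"configure autobind for root"` breaks the gerund form used by the neighbouring steps in this hunk ("creating indices", "configuring ssl for ds instance", "configuring certmap.conf"). `self.step("configuring autobind for root", self.__root_autobind)` would read consistently in the install log. The step list begins outside the hunk, so I cannot tell whether other labels already deviate.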
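Review bot: `__root_autobind` in the second dsinstance.py hunk has no docstring, although it is the one install step that changes how the directory server authenticates local connections. A one-line docstring such as `"""Apply root-autobind.ldif so local uid 0 binds over LDAPI as cn=root-autobind,cn=config without a password."""` would make that effect visible to anyone auditing the install sequence. The class body starts outside the hunk, and whether `_ldap_mod` surfaces a failed modify to the installer is not visible here.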