Diffstat (limited to 'install')
-rw-r--r--install/certmonger/dogtag-ipa-retrieve-agent-submit4
-rw-r--r--install/migration/migration.py5
-rw-r--r--install/restart_scripts/renew_ca_cert4
-rw-r--r--install/restart_scripts/renew_ra_cert8
-rwxr-xr-xinstall/tools/ipa-adtrust-install1
-rwxr-xr-xinstall/tools/ipa-compat-manage7
-rw-r--r--install/tools/ipa-compliance5
-rwxr-xr-xinstall/tools/ipa-csreplica-manage41
-rwxr-xr-xinstall/tools/ipa-dns-install2
-rwxr-xr-xinstall/tools/ipa-managed-entries19
-rwxr-xr-xinstall/tools/ipa-nis-manage7
-rwxr-xr-xinstall/tools/ipa-replica-install19
-rwxr-xr-xinstall/tools/ipa-replica-manage69
-rwxr-xr-xinstall/tools/ipa-replica-prepare14
-rwxr-xr-xinstall/tools/ipa-server-certinstall5
-rwxr-xr-xinstall/tools/ipa-server-install18
-rw-r--r--install/tools/ipa-upgradeconfig2
-rwxr-xr-xinstall/tools/ipactl15
18 files changed, 126 insertions, 119 deletions
diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit
index 24e1844a5..6d54000d6 100644
--- a/install/certmonger/dogtag-ipa-retrieve-agent-submit
+++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit
@@ -29,7 +29,7 @@ import tempfile
import krbV
import syslog
from ipalib import api
-from ipalib.dn import DN
+from ipapython.dn import DN
from ipalib import errors
from ipalib import x509
from ipapython import services as ipaservices
@@ -52,7 +52,7 @@ api.finalize()
# Update or add it
tmpdir = tempfile.mkdtemp(prefix = "tmp-")
try:
- dn = str(DN(('cn',nickname),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn)))
+ dn = DN(('cn', nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal)
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
diff --git a/install/migration/migration.py b/install/migration/migration.py
index 449d35c66..e0ada1310 100644
--- a/install/migration/migration.py
+++ b/install/migration/migration.py
@@ -27,6 +27,7 @@ import ldap
import wsgiref
from ipapython.ipa_log_manager import *
from ipapython.ipautil import get_ipa_basedn
+from ipapython.dn import DN
BASE_DN = ''
LDAP_URI = 'ldaps://localhost:636'
@@ -80,10 +81,10 @@ def bind(username, password):
if not base_dn:
root_logger.error('migration unable to get base dn')
raise IOError(errno.EIO, 'Cannot get Base DN')
- bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn)
+ bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn)
try:
conn = ldap.initialize(LDAP_URI)
- conn.simple_bind_s(bind_dn, password)
+ conn.simple_bind_s(str(bind_dn), password)
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM,
ldap.NO_SUCH_OBJECT), e:
root_logger.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e)))
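Review bot: bind() would benefit from a comment above the new `bind_dn = DN(('uid', username), ...)` line, because the security-relevant effect of the change is easy to miss. The user name is now passed as an RDN value rather than formatted into the DN string, so characters such as `,` or `=` in it should be escaped instead of altering which entry the bind targets (assuming DN escapes tuple values; its definition is outside this diff). Suggested comment: `# Build the DN from RDN tuples so DN metacharacters in username are escaped, not parsed`. bind() starts and ends outside the hunk.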
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index d3b756042..e4374eca5 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -26,7 +26,7 @@ import tempfile
import krbV
import syslog
from ipalib import api
-from ipalib.dn import DN
+from ipapython.dn import DN
from ipalib import errors
from ipapython import services as ipaservices
from ipapython import ipautil
@@ -50,7 +50,7 @@ if not cert:
# Update or add it
tmpdir = tempfile.mkdtemp(prefix = "tmp-")
try:
- dn = str(DN(('cn',nickname),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn)))
+ dn = DN(('cn',nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal)
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 2fcf1a79b..14cbc114c 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -29,7 +29,7 @@ from ipapython import ipautil
from ipaserver.install import certs
from ipaserver.install.cainstance import DEFAULT_DSPORT
from ipalib import api
-from ipalib.dn import DN
+from ipapython.dn import DN
from ipalib import x509
from ipalib import errors
from ipaserver.plugins.ldap2 import ldap2
@@ -45,7 +45,7 @@ subject = x509.get_subject(cert, datatype=x509.DER)
issuer = x509.get_issuer(cert, datatype=x509.DER)
# Load it into dogtag
-dn = str(DN(('uid','ipara'),('ou','People'),('o','ipaca')))
+dn = DN(('uid','ipara'),('ou','People'),('o','ipaca'))
try:
dm_password = get_pin('internaldb')
@@ -55,7 +55,7 @@ except IOError, e:
try:
conn = ldap2(shared_instance=False, ldap_uri='ldap://localhost:%d' % DEFAULT_DSPORT)
- conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
(entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'], normalize=False)
entry_attrs['usercertificate'].append(cert)
entry_attrs['description'] = '2;%d;%s;%s' % (serial_number, issuer, subject)
@@ -68,7 +68,7 @@ except Exception, e:
# Store it in the IPA LDAP server
tmpdir = tempfile.mkdtemp(prefix = "tmp-")
try:
- dn = str(DN(('cn','ipaCert'),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn)))
+ dn = DN(('cn','ipaCert'), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal)
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 02a309306..8cea077cc 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -32,6 +32,7 @@ from ipapython.config import IPAOptionParser
import krbV
import ldap
from ipapython.ipa_log_manager import *
+from ipapython.dn import DN
log_file_name = "/var/log/ipaserver-install.log"
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index f7564e0c5..e88d92286 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -28,6 +28,7 @@ try:
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
from ipapython.ipa_log_manager import *
+ from ipapython.dn import DN
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@@ -37,8 +38,8 @@ error was:
""" % sys.exc_value
sys.exit(1)
-compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
-nis_config_dn = "cn=NIS Server,cn=plugins,cn=config"
+compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
+nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
def parse_options():
usage = "%prog [options] <enable|disable>\n"
@@ -107,7 +108,7 @@ def main():
try:
conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
- bind_dn='cn=directory manager', bind_pw=dirman_password
+ bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password
)
except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde))
diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance
index 8ae91b777..c82e4151f 100644
--- a/install/tools/ipa-compliance
+++ b/install/tools/ipa-compliance
@@ -36,6 +36,7 @@ try:
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors, backend
from ipaserver.install import installutils
+ from ipapython.dn import DN
except ImportError, e:
# If python-rhsm isn't installed exit gracefully and quietly.
if e.args[0] == 'No module named rhsm.certificate':
@@ -116,7 +117,7 @@ def check_compliance(tmpdir, debug=False):
# Get the hosts first
try:
(entries, truncated) = conn.find_entries('(krblastpwdchange=*)', ['dn'],
- '%s,%s' % (api.env.container_host, api.env.basedn),
+ DN(api.env.container_host, api.env.basedn),
conn.SCOPE_ONELEVEL,
size_limit = -1)
except errors.NotFound:
@@ -136,7 +137,7 @@ def check_compliance(tmpdir, debug=False):
try:
(entries, truncated) = conn.find_entries('(objectclass=ipaentitlement)',
['dn', 'userCertificate'],
- '%s,%s' % (api.env.container_entitlements, api.env.basedn),
+ DN(api.env.container_entitlements, api.env.basedn),
conn.SCOPE_ONELEVEL,
size_limit = -1)
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 938201fed..6eefe8d6d 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -30,7 +30,7 @@ from ipaserver.install import replication, installutils
from ipaserver import ipaldap
from ipapython import version
from ipalib import api, errors, util
-from ipalib.dn import DN
+from ipapython.dn import DN
CACERT = "/etc/ipa/ca.crt"
PORT = 7389
@@ -63,7 +63,7 @@ class CSReplicationManager(replication.ReplicationManager):
def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=True):
super(CSReplicationManager, self).__init__(realm, hostname, dirman_passwd, port, starttls)
- self.suffix = 'o=ipaca'
+ self.suffix = DN(('o', 'ipaca'))
self.hostnames = [] # set before calling or agreement_dn() will fail
def agreement_dn(self, hostname, master=None):
@@ -89,14 +89,14 @@ class CSReplicationManager(replication.ReplicationManager):
else:
name = "clone"
cn="%sAgreement1-%s-%s" % (name, hostname, instance_name)
- dn = str(DN("cn=%s, %s" % (cn, self.replica_dn())))
+ dn = DN(('cn', cn), self.replica_dn())
return (cn, dn)
for host in self.hostnames:
for master in ["master", "clone"]:
try:
cn="%sAgreement1-%s-%s" % (master, host, instance_name)
- dn = "cn=%s, %s" % (cn, self.replica_dn())
+ dn = DN(('cn', cn), self.replica_dn())
self.conn.getEntry(dn, ldap.SCOPE_BASE)
return (cn, dn)
except errors.NotFound:
@@ -106,12 +106,10 @@ class CSReplicationManager(replication.ReplicationManager):
raise errors.NotFound(reason='No agreement found for %s' % hostname)
def delete_referral(self, hostname):
- esc1_suffix = self.suffix.replace('=', '\\3D').replace(',', '\\2C')
- esc2_suffix = self.suffix.replace('=', '%3D').replace(',', '%2C')
- dn = 'cn=%s,cn=mapping tree,cn=config' % esc1_suffix
+ dn = DN(('cn', self.suffix), ('cn', 'mapping tree'), ('cn', 'config'))
# TODO: should we detect proto/port somehow ?
mod = [(ldap.MOD_DELETE, 'nsslapd-referral',
- 'ldap://%s/%s' % (ipautil.format_netloc(hostname, PORT), esc2_suffix))]
+ 'ldap://%s/%s' % (ipautil.format_netloc(hostname, PORT), self.suffix))]
try:
self.conn.modify_s(dn, mod)
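Review bot: The `nsslapd-referral` value passed to MOD_DELETE in delete_referral is now built from the unencoded `self.suffix`, whereas the removed code percent-encoded `=` and `,` (`%3D`, `%2C`) in the URL. Deleting a specific attribute value only succeeds when it matches what is stored, so if referrals were written in the encoded form (the writer is not in this diff) the delete would no longer find them and a referral to a removed host would stay in the mapping tree. Confirm which form is stored, or keep the encoding for the URL part, and record the expected form in a comment next to `mod`. The except clause of this try is outside the hunk.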
@@ -165,16 +163,16 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
conn = ipaldap.IPAdmin(host, 636, cacert=CACERT)
conn.do_simple_bind(bindpw=dirman_passwd)
- dn = str(DN('cn=masters,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm)))
- entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL)
+ dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
+ entries = conn.getList(dn, ldap.SCOPE_ONELEVEL)
for ent in entries:
try:
cadn = DN(('cn', 'CA'), DN(ent.dn))
- entry = conn.getEntry(str(cadn), ldap.SCOPE_BASE)
- peers[ent.cn] = ['master', '']
+ entry = conn.getEntry(cadn, ldap.SCOPE_BASE)
+ peers[ent.getValue('cn')] = ['master', '']
except errors.NotFound:
- peers[ent.cn] = ['CA not configured', '']
+ peers[ent.getValue('cn')] = ['CA not configured', '']
except Exception, e:
sys.exit("Failed to get data from '%s': %s" % (host, convert_error(e)))
@@ -190,13 +188,13 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
entries = repl.find_replication_agreements()
for entry in entries:
- print '%s' % entry.nsds5replicahost
+ print '%s' % entry.getValue('nsds5replicahost')
if verbose:
- print " last init status: %s" % entry.nsds5replicalastinitstatus
- print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastinitend))
- print " last update status: %s" % entry.nsds5replicalastupdatestatus
- print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend))
+ print " last init status: %s" % entry.getValue('nsds5replicalastinitstatus')
+ print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastinitend')))
+ print " last update status: %s" % entry.getValue('nsds5replicalastupdatestatus')
+ print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastupdateend')))
def del_link(realm, replica1, replica2, dirman_passwd, force=False):
@@ -316,7 +314,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
conn = ipaldap.IPAdmin(replica2, 636, cacert=CACERT)
conn.do_simple_bind(bindpw=dirman_passwd)
- dn = str(DN('cn=CA,cn=%s,cn=masters,cn=ipa,cn=etc,%s' % (replica2, ipautil.realm_to_suffix(realm))))
+ dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ ipautil.realm_to_suffix(realm))
conn.search_s(dn, ldap.SCOPE_ONELEVEL)
conn.unbind_s()
except ldap.NO_SUCH_OBJECT:
@@ -341,7 +340,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
except Exception, e:
sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e)))
- repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True, True)
+ repl1.setup_replication(replica2, PORT, 0, DN(('cn', 'Directory Manager')), dirman_passwd, True, True)
print "Connected '%s' to '%s'" % (replica1, replica2)
def re_initialize(realm, options):
@@ -355,7 +354,7 @@ def re_initialize(realm, options):
thishost = installutils.get_fqdn()
filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost
- entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter)
+ entry = repl.conn.search_s(DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter)
if len(entry) == 0:
root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost))
sys.exit(1)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 47bffdf83..d4795f72e 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -202,7 +202,7 @@ def main():
root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
if bind.dm_password:
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password)
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=bind.dm_password)
else:
# See if our LDAP server is up and we can talk to it over GSSAPI
ccache = krbV.default_context().default_ccache().name
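Review bot: `DN(('cn', 'Directory Manager'))` is used in main() but this file's section adds no `from ipapython.dn import DN`, unlike the other tools touched by the commit. Unless DN already reaches the namespace through an existing import that is not visible here, the branch taken when `bind.dm_password` is set fails with NameError before the bind is attempted. Add `from ipapython.dn import DN` to the file's import block. main() starts and ends outside the hunk.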
diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries
index b9a492e48..e68d4d360 100755
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@@ -28,8 +28,8 @@ try:
from ipaserver import ipaldap
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
- from ipalib.dn import *
from ipapython.ipa_log_manager import *
+ from ipapython.dn import DN
except ImportError:
print >> sys.stderr, """\
@@ -92,9 +92,8 @@ def main():
('cn', 'Definitions'),
('cn', 'Managed Entries'),
('cn', 'etc'),
- DN(api.env.basedn)
+ api.env.basedn
)
- managed_entry_definitions_dn = str(managed_entry_definitions_dn)
conn = None
try:
@@ -125,13 +124,13 @@ def main():
# List available Managed Entry Plugins
managed_entries = None
try:
- entries = conn.search_s(
+ entries = conn.getList(
managed_entry_definitions_dn, ldap.SCOPE_SUBTREE, filter
)
except Exception, e:
root_logger.debug("Search for managed entries failed: %s" % str(e))
sys.exit("Unable to find managed entries at %s" % managed_entry_definitions_dn)
- managed_entries = [entry.cn for entry in entries]
+ managed_entries = [entry.getValue('cn') for entry in entries]
if managed_entries:
print "Available Managed Entry Definitions:"
for managed_entry in managed_entries:
@@ -142,22 +141,18 @@ def main():
if not options.managed_entry:
sys.exit("\nYou must specify a managed entry definition")
else:
- rdn = DN(
- ('cn', options.managed_entry),
- DN(managed_entry_definitions_dn)
- )
- def_dn = str(rdn)
+ def_dn = DN(('cn', options.managed_entry), managed_entry_definitions_dn)
disabled = True
try:
- entries = conn.search_s(def_dn,
+ entry = conn.getEntry(def_dn,
ldap.SCOPE_BASE,
filter,
['originfilter'],
)
disable_attr = '(objectclass=disable)'
try:
- org_filter = entries[0].originfilter
+ org_filter = entry.getValue('originfilter')
disabled = re.search(r'%s' % disable_attr, org_filter)
except KeyError:
sys.exit("%s is not a valid Managed Entry" % def_dn)
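Review bot: The `except KeyError` guard no longer matches how the attribute is read, now that `entry.getValue('originfilter')` replaces attribute access on `entries[0]`. If getValue returns None for a missing attribute rather than raising (its definition is not shown), `re.search` receives None and raises TypeError, so the "is not a valid Managed Entry" exit is never reached. Check the value explicitly before the search, e.g. `if org_filter is None: sys.exit("%s is not a valid Managed Entry" % def_dn)`. main() continues outside the hunk.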
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 1c6de7b57..5ef3ce0e6 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -30,6 +30,7 @@ try:
from ipaserver.plugins.ldap2 import ldap2
from ipalib import api, errors
from ipapython.ipa_log_manager import *
+ from ipapython.dn import DN
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@@ -39,8 +40,8 @@ error was:
""" % sys.exc_value
sys.exit(1)
-nis_config_dn = "cn=NIS Server,cn=plugins,cn=config"
-compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
+nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
def parse_options():
usage = "%prog [options] <enable|disable>\n"
@@ -120,7 +121,7 @@ def main():
try:
conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
- bind_dn='cn=directory manager', bind_pw=dirman_password
+ bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password
)
except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server: %s" % str(lde))
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c322cb62e..d7baf9c05 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -36,12 +36,13 @@ from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, r
from ipaserver.install.installutils import get_host_name, BadHostError
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
-from ipapython import version
from ipalib import api, errors, util
+from ipapython import version
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
+from ipapython.dn import DN
log_file_name = "/var/log/ipareplica-install.log"
CACERT = "/etc/ipa/ca.crt"
@@ -204,7 +205,7 @@ def install_http(config, auto_redirect):
return http
def install_bind(config, options):
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=config.dirman_password)
if options.forwarders:
forwarders = options.forwarders
@@ -246,7 +247,7 @@ def install_dns_records(config, options):
cur_uri = api.Backend.ldap2.ldap_uri
object.__setattr__(api.Backend.ldap2, 'ldap_uri',
'ldaps://%s' % ipautil.format_netloc(config.master_host_name))
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=config.dirman_password,
tls_cacertfile=CACERT)
bind = bindinstance.BindInstance(dm_password=config.dirman_password)
@@ -360,10 +361,10 @@ def main():
try:
fd = open("/etc/ipa/default.conf", "w")
fd.write("[global]\n")
- fd.write("host=" + config.host_name + "\n")
- fd.write("basedn=" + ipautil.realm_to_suffix(config.realm_name) + "\n")
- fd.write("realm=" + config.realm_name + "\n")
- fd.write("domain=" + config.domain_name + "\n")
+ fd.write("host=%s\n" % config.host_name)
+ fd.write("basedn=%s\n" % str(ipautil.realm_to_suffix(config.realm_name)))
+ fd.write("realm=%s\n" % config.realm_name)
+ fd.write("domain=%s\n" % config.domain_name)
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % ipautil.format_netloc(config.host_name))
fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
if ipautil.file_exists(config.dir + "/cacert.p12"):
@@ -404,14 +405,14 @@ def main():
ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
try:
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
- conn.connect(bind_dn='cn=directory manager',
+ conn.connect(bind_dn=DN(('cn', 'directory manager')),
bind_pw=config.dirman_password,
tls_cacertfile=CACERT)
replman = ReplicationManager(config.realm_name, config.master_host_name,
config.dirman_password)
found = False
try:
- entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], u'%s,%s' % (api.env.container_host, api.env.basedn))
+ entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn))
print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host
print " %% ipa host-del %s" % host
found = True
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index b095daf03..b2e819d1e 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -29,8 +29,8 @@ from ipaserver.install import bindinstance
from ipaserver import ipaldap
from ipapython import version
from ipalib import api, errors, util
-from ipalib.dn import DN
from ipapython.ipa_log_manager import *
+from ipapython.dn import DN
CACERT = "/etc/ipa/ca.crt"
@@ -125,23 +125,28 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
conn.do_simple_bind(bindpw=dirman_passwd)
else:
conn.do_sasl_gssapi_bind()
+ except Exception, e:
+ print "Failed to connect to host '%s': %s" % (host, str(e))
+ return
- dn = 'cn=masters,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm)
- entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL)
-
+ dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
+ try:
+ entries = conn.getList(dn, ldap.SCOPE_ONELEVEL)
+ except:
+ print "Failed read master data from '%s': %s" % (host, str(e))
+ return
+ else:
for ent in entries:
- peers[ent.cn] = ['master', '']
-
- dn = 'cn=replicas,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm)
- entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL)
+ peers[ent.getValue('cn')] = ['master', '']
+ dn = DN(('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm))
+ try:
+ entries = conn.getList(dn, ldap.SCOPE_ONELEVEL)
+ except:
+ pass
+ else:
for ent in entries:
- peers[ent.cn] = ent.ipaconfigstring.split(':')
-
- except Exception, e:
- print "Failed to get data from '%s': %s" % (host, str(e))
- return
-
+ peers[ent.getValue('cn')] = ent.getValue('ipaConfigString').split(':')
if not replica:
for k, p in peers.iteritems():
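Review bot: The new bare `except:` around the first `conn.getList(dn, ldap.SCOPE_ONELEVEL)` formats `str(e)`, but no `e` is bound on that path because the only `except Exception, e:` above it returns. A failed masters lookup would therefore raise NameError instead of printing the message; use `except Exception, e:` there. The second `except: pass` around the replicas lookup hides every failure, including KeyboardInterrupt. Narrowing it to the not-found error that getList raises (its definition is not shown here) would still tolerate a missing container without masking connection or permission errors. list_replicas starts and ends outside the hunk.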
@@ -164,8 +169,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
repl = replication.ReplicationManager(realm, winsync_peer,
dirman_passwd)
cn, dn = repl.agreement_dn(replica)
- entries = repl.conn.search_s(dn, ldap.SCOPE_BASE,
- "(objectclass=nsDSWindowsReplicationAgreement)")
+ entries = repl.conn.getList(dn, ldap.SCOPE_BASE,
+ "(objectclass=nsDSWindowsReplicationAgreement)")
ent_type = 'winsync'
else:
repl = replication.ReplicationManager(realm, replica,
@@ -177,13 +182,13 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose):
return
for entry in entries:
- print '%s: %s' % (entry.nsds5replicahost, ent_type)
+ print '%s: %s' % (entry.getValue('nsds5replicahost'), ent_type)
if verbose:
- print " last init status: %s" % entry.nsds5replicalastinitstatus
- print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastinitend))
- print " last update status: %s" % entry.nsds5replicalastupdatestatus
- print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend))
+ print " last init status: %s" % entry.getValue('nsds5replicalastinitstatus')
+ print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastinitend')))
+ print " last update status: %s" % entry.getValue('nsds5replicalastupdatestatus')
+ print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastupdateend')))
def del_link(realm, replica1, replica2, dirman_passwd, force=False):
@@ -254,9 +259,9 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False):
if type1 == replication.WINSYNC:
try:
- dn = 'cn=%s,cn=replicas,cn=ipa,cn=etc,%s' % (replica2,
- ipautil.realm_to_suffix(realm))
- entries = repl1.conn.search_s(dn, ldap.SCOPE_SUBTREE)
+ dn = DN(('cn', replica2), ('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'),
+ ipautil.realm_to_suffix(realm))
+ entries = repl1.conn.getList(dn, ldap.SCOPE_SUBTREE)
if len(entries) != 0:
dnset = repl1.conn.get_dns_sorted_by_length(entries,
reverse=True)
@@ -300,11 +305,11 @@ def del_master(realm, hostname, options):
force_del = True
if force_del:
- dn = 'cn=masters,cn=ipa,cn=etc,%s' % thisrepl.suffix
- res = thisrepl.conn.search_s(dn, ldap.SCOPE_ONELEVEL)
+ dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), thisrepl.suffix)
+ entries = thisrepl.conn.getList(dn, ldap.SCOPE_ONELEVEL)
replica_names = []
- for entry in res:
- replica_names.append(entry.cn)
+ for entry in entries:
+ replica_names.append(entry.getValue('cn'))
else:
# Get list of agreements.
replica_names = delrepl.find_ipa_replication_agreements()
@@ -340,7 +345,7 @@ def del_master(realm, hostname, options):
if bindinstance.dns_container_exists(options.host, thisrepl.suffix,
dm_password=options.dirman_passwd):
if options.dirman_passwd:
- api.Backend.ldap2.connect(bind_dn='cn=Directory Manager',
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=options.dirman_passwd)
else:
ccache = krbV.default_context().default_ccache().name
@@ -366,7 +371,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
repl = replication.ReplicationManager(realm, replica1, dirman_passwd)
if repl.get_agreement_type(replica2) == replication.WINSYNC:
agreement = repl.get_replication_agreement(replica2)
- sys.exit("winsync agreement already exists on subtree %s" %
+ sys.exit("winsync agreement already exists on subtree %s" %
agreement.getValue('nsds7WindowsReplicaSubtree'))
else:
sys.exit("A replication agreement to %s already exists" % replica2)
@@ -407,8 +412,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
# from scratch
try:
masters_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), (api.env.basedn))
- master1_dn = str(DN(('cn', replica1), masters_dn))
- master2_dn = str(DN(('cn', replica2), masters_dn))
+ master1_dn = DN(('cn', replica1), masters_dn)
+ master2_dn = DN(('cn', replica2), masters_dn)
repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 19360fdf2..210a9de11 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -35,6 +35,7 @@ from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
from ipapython.config import IPAOptionParser
from ipalib import api, errors, util
+from ipapython.dn import DN
def parse_options():
usage = "%prog [options] FQDN (e.g. replica.example.com)"
@@ -99,13 +100,16 @@ def parse_options():
def get_subject_base(host_name, dm_password, suffix):
try:
conn = ldap2(shared_instance=False, base_dn=suffix)
- conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
except errors.ExecutionError, e:
root_logger.critical("Could not connect to the Directory Server on %s" % host_name)
raise e
(dn, entry_attrs) = conn.get_ipa_config()
conn.disconnect()
- return entry_attrs.get('ipacertificatesubjectbase', [None])[0]
+ subject_base = entry_attrs.get('ipacertificatesubjectbase', [None])[0]
+ if subject_base is not None:
+ subject_base = DN(subject_base)
+ return subject_base
def check_ipa_configuration(realm_name):
config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
@@ -200,7 +204,7 @@ def save_config(dir, realm_name, host_name,
config.set("realm", "master_host_name", host_name)
config.set("realm", "domain_name", domain_name)
config.set("realm", "destination_host", dest_host)
- config.set("realm", "subject_base", subject_base)
+ config.set("realm", "subject_base", str(subject_base))
fd = open(dir + "/realm_info", "w")
config.write(fd)
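Review bot: `str(subject_base)` writes the literal text `None` into realm_info when no subject base was found, since get_subject_base() in the previous hunk still returns None if `ipacertificatesubjectbase` is absent. Whatever reads `subject_base` back would then see a non-empty value that is not a DN. Assuming save_config receives that return value (the call is not in the diff), handle None explicitly, e.g. `if subject_base is not None: config.set("realm", "subject_base", str(subject_base))`. save_config starts and ends outside the hunk.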
@@ -260,7 +264,7 @@ def main():
# Try out the password
try:
conn = ldap2(shared_instance=False)
- conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password)
+ conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password)
conn.disconnect()
except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
@@ -431,7 +435,7 @@ def main():
if options.ip_address:
print "Adding DNS records for %s" % replica_fqdn
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dirman_password)
domain = replica_fqdn.split(".")
name = domain.pop(0)
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 3b19f0452..bc4dde272 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -32,6 +32,7 @@ from ipapython.ipautil import user_input
from ipaserver.install import certs, dsinstance, httpinstance, installutils
from ipalib import api
from ipapython.ipa_log_manager import *
+from ipapython.dn import DN
from ipaserver.plugins.ldap2 import ldap2
def get_realm_name():
@@ -66,9 +67,9 @@ def parse_options():
def set_ds_cert_name(cert_name, dm_password):
conn = ldap2(shared_instance=False, base_dn='')
- conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
mod = {'nssslpersonalityssl': cert_name}
- conn.update_entry('cn=RSA,cn=encryption,cn=config', mod)
+ conn.update_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')), mod)
conn.disconnect()
def choose_server_cert(server_certs):
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d7de70631..d9682bbb3 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -60,11 +60,11 @@ from ipapython.ipautil import *
from ipapython import ipautil
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
-from ipalib.dn import DN
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
from ipalib.util import validate_domain_name
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
+from ipapython.dn import DN
pw_name = None
uninstalling = False
@@ -530,13 +530,13 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
)
try:
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
- conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
except errors.ExecutionError, e:
root_logger.critical("Could not connect to the Directory Server on %s" % realm_name)
raise e
(dn, entry_attrs) = conn.get_ipa_config()
if 'ipacertificatesubjectbase' not in entry_attrs:
- mod = {'ipacertificatesubjectbase': subject_base}
+ mod = {'ipacertificatesubjectbase': str(subject_base)}
conn.update_entry(dn, mod)
conn.disconnect()
@@ -770,7 +770,7 @@ def main():
realm_name = options.realm_name.upper()
if not options.subject:
- options.subject = "O=%s" % realm_name
+ options.subject = DN(('O', realm_name))
if not options.dm_password:
dm_password = read_dm_password()
@@ -840,10 +840,10 @@ def main():
target_fname = '/etc/ipa/default.conf'
fd = open(target_fname, "w")
fd.write("[global]\n")
- fd.write("host=" + host_name + "\n")
- fd.write("basedn=" + ipautil.realm_to_suffix(realm_name) + "\n")
- fd.write("realm=" + realm_name + "\n")
- fd.write("domain=" + domain_name + "\n")
+ fd.write("host=%s\n" % host_name)
+ fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name))
+ fd.write("realm=%s\n" % realm_name)
+ fd.write("domain=%s\n" % domain_name)
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % format_netloc(host_name))
fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
fd.write("enable_ra=True\n")
@@ -1046,7 +1046,7 @@ def main():
persistent_search=options.persistent_search,
serial_autoincrement=options.serial_autoincrement)
if options.setup_dns:
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password)
bind.create_instance()
print ""
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 951bd4854..3041cb60b 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -253,7 +253,7 @@ def update_dbmodules(realm, filename="/etc/krb5.conf"):
newfile.append('#%s' % line)
prefix = ''
continue
-
+
newfile.append('%s%s' % (prefix, line))
# Append updated dbmodules information
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 22a4f6e03..e173d10c1 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -26,10 +26,10 @@ try:
from ipaserver.install.dsinstance import config_dirname, realm_to_serverid
from ipaserver.install.installutils import is_ipa_configured, ScriptError
from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket
+ from ipalib import api, errors
from ipapython import sysrestore
from ipapython import config
- from ipalib import api, errors
- from ipalib.dn import DN
+ from ipapython.dn import DN
import ldap
import ldap.sasl
import ldapurl
@@ -107,8 +107,7 @@ def emit_err(err):
sys.stderr.write(err + '\n')
def get_config(dirsrv):
- base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (api.env.host,
- api.env.basedn)
+ base = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
srcfilter = '(ipaConfigString=enabledService)'
attrs = ['cn', 'ipaConfigString']
if not dirsrv.is_running():
@@ -127,7 +126,7 @@ def get_config(dirsrv):
wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout)
con = ldap.initialize(api.env.ldap_uri)
con.sasl_interactive_bind_s('', SASL_EXTERNAL)
- res = con.search_st(base,
+ res = con.search_st(str(base),
ldap.SCOPE_SUBTREE,
filterstr=srcfilter,
attrlist=attrs,
@@ -138,12 +137,10 @@ def get_config(dirsrv):
"Directory Server is stopped", 3)
except ldap.NO_SUCH_OBJECT:
masters_list = []
- dn = str(DN('cn=masters,cn=ipa,cn=etc,%s' % api.env.basedn))
+ dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
attrs = ['cn']
try:
- entries = con.search_s(dn,
- ldap.SCOPE_ONELEVEL,
- attrlist=attrs,)
+ entries = con.search_s(str(dn), ldap.SCOPE_ONELEVEL, attrlist=attrs)
except Exception, e:
masters_list.append("No master found because of error: %s" % str(e))
else: