6 files changed, 72 insertions, 18 deletions

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index a10b85464..30ce41138 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -275,7 +275,10 @@ class BindInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_running())
-        self.chkconfig_on()
+        # We do not let the system start IPA components on its own,
+        # Instead we reply on the IPA init script to start only enabled
+        # components as found in our LDAP configuration tree
+        self.ldap_enable('DNS', self.fqdn, self.dm_password, self.suffix)
 
     def __setup_sub_dict(self):
         if self.forwarders:
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 5f13b721f..4a645bc84 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -242,7 +242,6 @@ class CADSInstance(service.Service):
 
         self.step("creating directory server user", self.__create_ds_user)
         self.step("creating directory server instance", self.__create_instance)
-        self.step("configuring directory to start on boot", self.__enable)
         self.step("restarting directory server", self.__restart_instance)
 
         self.start_creation("Configuring directory server for the CA", 30)
@@ -255,13 +254,6 @@ class CADSInstance(service.Service):
                              SERVER_ROOT=server_root, DOMAIN=self.domain,
                              TIME=int(time.time()), DSPORT=self.ds_port)
 
-    def __enable(self):
-        name = self.service_name
-        self.service_name="dirsrv"
-        self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
-        self.service_name = name
-
     def __create_ds_user(self):
         user_exists = True
         try:
@@ -483,7 +475,11 @@ class CAInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        # We do not let the system start IPA components on its own,
+        # Instead we reply on the IPA init script to start only enabled
+        # components as found in our LDAP configuration tree
+        suffix = util.realm_to_suffix(self.realm)
+        self.ldap_enable('CA', self.fqdn, self.dm_password, suffix)
 
     def __create_ca_user(self):
         user_exists = True
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 03066984e..6fdc479ca 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -295,7 +295,10 @@ class DsInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        # At the end of the installation ipa-server-install will enable the
+        # 'ipa' service wich takes care of starting/stopping dirsrv
+        # self.chkconfig_on()
+        self.chkconfig_off()
 
     def __setup_sub_dict(self):
         server_root = find_server_root()
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index f55995b19..73930825f 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -91,7 +91,10 @@ class HTTPInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_running())
-        self.chkconfig_on()
+        # We do not let the system start IPA components on its own,
+        # Instead we reply on the IPA init script to start only enabled
+        # components as found in our LDAP configuration tree
+        self.ldap_enable('HTTP', self.fqdn, self.dm_password, self.suffix)
 
     def __selinux_config(self):
         selinux=0
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 8c22e6f41..516c7eac5 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -203,8 +203,7 @@ class KrbInstance(service.Service):
         self.start_creation("Configuring Kerberos KDC", 30)
 
         self.kpasswd = KpasswdInstance()
-
-        self.kpasswd.create_instance()
+        self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
 
     def create_replica(self, ds_user, realm_name, host_name,
                        domain_name, admin_password,
@@ -233,7 +232,7 @@ class KrbInstance(service.Service):
         self.start_creation("Configuring Kerberos KDC", 30)
 
         self.kpasswd = KpasswdInstance()
-        self.kpasswd.create_instance()
+        self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
 
     def __copy_ldap_passwd(self, filename):
         self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
@@ -258,7 +257,10 @@ class KrbInstance(service.Service):
 
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        # We do not let the system start IPA components on its own,
+        # Instead we reply on the IPA init script to start only enabled
+        # components as found in our LDAP configuration tree
+        self.ldap_enable('KDC', self.fqdn, self.admin_password, self.suffix)
 
     def __start_instance(self):
         try:
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 43437306e..41b5455d3 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -29,6 +29,13 @@ import base64
 import time
 import datetime
 
+SERVICE_LIST = {
+    'KDC':('krb5kdc', 10),
+    'KPASSWD':('ipa_kpasswd', 20),
+    'DNS':('named', 30),
+    'HTTP':('httpd', 40),
+    'CA':('pki_cad', 50)
+}
 
 def stop(service_name, instance_name=""):
     ipautil.run(["/sbin/service", service_name, "stop", instance_name])
@@ -263,8 +270,44 @@ class Service:
 
         self.steps = []
 
+    def __get_conn(self, dm_password):
+        try:
+            conn = ipaldap.IPAdmin("127.0.0.1")
+            conn.simple_bind_s("cn=directory manager", dm_password)
+        except Exception, e:
+            logging.critical("Could not connect to the Directory Server on %s: %s" % (self.fqdn, str(e)))
+            raise e
+
+        return conn
+
+    def ldap_enable(self, name, fqdn, dm_password, ldap_suffix):
+        self.chkconfig_off()
+        conn = self.__get_conn(dm_password)
+
+        entry_name = "cn=%s,cn=%s,%s,%s" % (name, fqdn,
+                                            "cn=masters,cn=ipa,cn=etc",
+                                            ldap_suffix)
+        order = SERVICE_LIST[name][1]
+        entry = ipaldap.Entry(entry_name)
+        entry.setValues("objectclass",
+                        "nsContainer", "ipaConfigObject")
+        entry.setValues("cn", name)
+        entry.setValues("ipaconfigstring",
+                        "enabledService", "startOrder " + str(order))
+
+        try:
+            conn.add_s(entry)
+        except ldap.ALREADY_EXISTS:
+            logging.critical("failed to add %s Service startup entry" % name)
+            raise e
+
 class SimpleServiceInstance(Service):
-    def create_instance(self):
+    def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None):
+        self.gensvc_name = gensvc_name
+        self.fqdn = fqdn
+        self.dm_password = dm_password
+        self.suffix = ldap_suffix
+
         self.step("starting %s " % self.service_name, self.__start)
         self.step("configuring %s to start on boot" % self.service_name, self.__enable)
         self.start_creation("Configuring %s" % self.service_name)
@@ -276,7 +319,11 @@ class SimpleServiceInstance(Service):
     def __enable(self):
         self.chkconfig_add()
         self.backup_state("enabled", self.is_enabled())
-        self.chkconfig_on()
+        if self.gensvc_name == None:
+            self.chkconfig_on()
+        else:
+            self.ldap_enable(self.gensvc_name, self.fqdn,
+                             self.dm_password, self.suffix)
 
     def uninstall(self):
         if self.is_configured():