Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/dsinstance.py48
-rw-r--r--ipaserver/install/krbinstance.py32
-rw-r--r--ipaserver/install/service.py32
3 files changed, 47 insertions, 65 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 53fca5af0..7bd9aa69e 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -139,9 +139,8 @@ info: IPA V1.0
class DsInstance(service.Service):
def __init__(self, realm_name=None, domain_name=None, dm_password=None):
- service.Service.__init__(self, "dirsrv")
+ service.Service.__init__(self, "dirsrv", dm_password=dm_password)
self.realm_name = realm_name
- self.dm_password = dm_password
self.sub_dict = None
self.domain = domain_name
self.serverid = None
@@ -287,38 +286,11 @@ class DsInstance(service.Service):
# TODO: roll back here?
logging.critical("Failed to restart the directory server. See the installation log for details.")
- def __ldap_mod(self, ldif, sub_dict = None):
- fd = None
- path = ipautil.SHARE_DIR + ldif
-
- if not sub_dict is None:
- txt = ipautil.template_file(path, sub_dict)
- fd = ipautil.write_tmp_file(txt)
- path = fd.name
-
- [pw_fd, pw_name] = tempfile.mkstemp()
- os.write(pw_fd, self.dm_password)
- os.close(pw_fd)
-
- args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
- "-D", "cn=Directory Manager", "-y", pw_name, "-f", path]
-
- try:
- try:
- ipautil.run(args)
- except ipautil.CalledProcessError, e:
- logging.critical("Failed to load %s: %s" % (ldif, str(e)))
- finally:
- os.remove(pw_name)
-
- if not fd is None:
- fd.close()
-
def __add_memberof_module(self):
- self.__ldap_mod("memberof-conf.ldif")
+ self._ldap_mod("memberof-conf.ldif")
def init_memberof(self):
- self.__ldap_mod("memberof-task.ldif", self.sub_dict)
+ self._ldap_mod("memberof-task.ldif", self.sub_dict)
def apply_updates(self):
ld = ldapupdate.LDAPUpdate(dm_password=self.dm_password)
@@ -326,19 +298,19 @@ class DsInstance(service.Service):
ld.update(files)
def __add_referint_module(self):
- self.__ldap_mod("referint-conf.ldif")
+ self._ldap_mod("referint-conf.ldif")
def __set_unique_attrs(self):
- self.__ldap_mod("unique-attributes.ldif", self.sub_dict)
+ self._ldap_mod("unique-attributes.ldif", self.sub_dict)
def __config_uidgid_gen_first_master(self):
- self.__ldap_mod("dna-posix.ldif", self.sub_dict)
+ self._ldap_mod("dna-posix.ldif", self.sub_dict)
def __add_master_entry_first_master(self):
- self.__ldap_mod("master-entry.ldif", self.sub_dict)
+ self._ldap_mod("master-entry.ldif", self.sub_dict)
def __add_winsync_module(self):
- self.__ldap_mod("ipa-winsync-conf.ldif")
+ self._ldap_mod("ipa-winsync-conf.ldif")
def __enable_ssl(self):
dirname = config_dirname(self.serverid)
@@ -391,10 +363,10 @@ class DsInstance(service.Service):
conn.unbind()
def __add_default_layout(self):
- self.__ldap_mod("bootstrap-template.ldif", self.sub_dict)
+ self._ldap_mod("bootstrap-template.ldif", self.sub_dict)
def __create_indices(self):
- self.__ldap_mod("indices.ldif")
+ self._ldap_mod("indices.ldif")
def __certmap_conf(self):
shutil.copyfile(ipautil.SHARE_DIR + "certmap.conf.template",
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 6a45d3456..66ee63f81 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -83,7 +83,7 @@ class KrbInstance(service.Service):
self.ds_user = None
self.fqdn = None
self.realm = None
- self.domain = None
+ self.domain = None
self.host = None
self.admin_password = None
self.master_password = None
@@ -108,6 +108,7 @@ class KrbInstance(service.Service):
self.suffix = util.realm_to_suffix(self.realm)
self.kdc_password = ipautil.ipa_generate_password()
self.admin_password = admin_password
+ self.dm_password = admin_password
self.__setup_sub_dict()
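Review bot: `self.dm_password = admin_password` keeps the same secret under two attribute names without saying why; a comment such as `# _ldap_mod binds as cn=Directory Manager with dm_password; this setup path is handed that password as admin_password` would make the aliasing deliberate. In the lines visible here `dm_password` is assigned only at this point, and no hunk shows `KrbInstance.__init__` passing it to `service.Service.__init__`, so any `_ldap_mod` call made before this method runs would presumably hit the new assert in service.py. The enclosing method starts and ends outside the hunk.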
@@ -212,27 +213,6 @@ class KrbInstance(service.Service):
HOST=self.host,
REALM=self.realm)
- def __ldap_mod(self, ldif):
- txt = ipautil.template_file(ipautil.SHARE_DIR + ldif, self.sub_dict)
- fd = ipautil.write_tmp_file(txt)
-
- [pw_fd, pw_name] = tempfile.mkstemp()
- os.write(pw_fd, self.admin_password)
- os.close(pw_fd)
-
- args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
- "-D", "cn=Directory Manager", "-y", pw_name, "-f", fd.name]
-
- try:
- try:
- ipautil.run(args)
- except ipautil.CalledProcessError, e:
- logging.critical("Failed to load %s: %s" % (ldif, str(e)))
- finally:
- os.remove(pw_name)
-
- fd.close()
-
def __configure_sasl_mappings(self):
# we need to remove any existing SASL mappings in the directory as otherwise they
# they may conflict. There is no way to define the order they are used in atm.
@@ -285,13 +265,13 @@ class KrbInstance(service.Service):
raise e
def __add_krb_entries(self):
- self.__ldap_mod("kerberos.ldif")
+ self._ldap_mod("kerberos.ldif", self.sub_dict)
def __add_default_acis(self):
- self.__ldap_mod("default-aci.ldif")
+ self._ldap_mod("default-aci.ldif", self.sub_dict)
def __add_default_keytypes(self):
- self.__ldap_mod("default-keytypes.ldif")
+ self._ldap_mod("default-keytypes.ldif", self.sub_dict)
def __create_replica_instance(self):
self.__create_instance(replica=True)
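Review bot: `__add_default_acis` and its neighbours cannot tell whether the LDIF was actually applied, because the shared `_ldap_mod` in service.py only logs `CalledProcessError` and then returns normally. For `default-aci.ldif` that presumably means an install can carry on with the access-control entries missing and only a log line to show for it. Consider re-raising in `_ldap_mod` with a bare `raise` after the `logging.critical(...)` call, or, if best-effort loading is intended, say so at these call sites with a comment such as `# failure is logged by _ldap_mod and is not fatal`.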
@@ -342,7 +322,7 @@ class KrbInstance(service.Service):
#add the password extop module
def __add_pwd_extop_module(self):
- self.__ldap_mod("pwd-extop-conf.ldif")
+ self._ldap_mod("pwd-extop-conf.ldif", self.sub_dict)
def __add_master_key(self):
#get the Master Key from the stash file
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index ba539a210..41e77a73e 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -78,16 +78,46 @@ def print_msg(message, output_fd=sys.stdout):
class Service:
- def __init__(self, service_name, sstore=None):
+ def __init__(self, service_name, sstore=None, dm_password=None):
self.service_name = service_name
self.steps = []
self.output_fd = sys.stdout
+ self.dm_password = dm_password
if sstore:
self.sstore = sstore
else:
self.sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
+ def _ldap_mod(self, ldif, sub_dict = None):
+ assert self.dm_password is not None
+
+ fd = None
+ path = ipautil.SHARE_DIR + ldif
+
+ if sub_dict is not None:
+ txt = ipautil.template_file(path, sub_dict)
+ fd = ipautil.write_tmp_file(txt)
+ path = fd.name
+
+ [pw_fd, pw_name] = tempfile.mkstemp()
+ os.write(pw_fd, self.dm_password)
+ os.close(pw_fd)
+
+ args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv",
+ "-D", "cn=Directory Manager", "-y", pw_name, "-f", path]
+
+ try:
+ try:
+ ipautil.run(args)
+ except ipautil.CalledProcessError, e:
+ logging.critical("Failed to load %s: %s" % (ldif, str(e)))
+ finally:
+ os.remove(pw_name)
+
+ if fd is not None:
+ fd.close()
+
def set_output(self, fd):
self.output_fd = fd
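Review bot: The password-file setup in `_ldap_mod` sits outside the `try`/`finally`: if `os.write` fails after `tempfile.mkstemp()`, the descriptor stays open and the temporary password file is never removed, and the trailing `fd.close()` is skipped whenever `ipautil.run` raises something other than `CalledProcessError`. The leading `assert` is also dropped under `python -O`, so an explicit check that raises is the safer guard against a missing Directory Manager password. The diffstat accounts for all 32 changed lines of service.py inside this hunk, so no import was added; it is worth confirming the module already imports `tempfile`, `os`, `logging` and `ipautil`. A restructured version of the cleanup is sketched below.

```python
def _ldap_mod(self, ldif, sub_dict = None):
    if self.dm_password is None:
        raise RuntimeError("dm_password is not set; cannot load %s" % ldif)
    # ... unchanged: path / sub_dict templating that may open fd ...
    try:
        [pw_fd, pw_name] = tempfile.mkstemp()
        try:
            try:
                os.write(pw_fd, self.dm_password)
            finally:
                os.close(pw_fd)
            # ... unchanged: args list, ipautil.run and CalledProcessError logging ...
        finally:
            os.remove(pw_name)
    finally:
        if fd is not None:
            fd.close()
```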