From a3554af3c7186a248222398b3ca4411fa6bb6a85 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: Make proper LDAP configuration reporting for ipa-client-install
Ticket https://fedorahosted.org/freeipa/ticket/1369
---
 ipa-client/ipa-install/ipa-client-install | 47 +++++++++++++++++++------------
 1 file changed, 29 insertions(+), 18 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c5f66be85..e3b9dfbab 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -147,7 +147,7 @@ def uninstall(options, env):
 server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 if server_fstore.has_files() and not options.on_master:
 print "IPA client is configured as a part of IPA server on this system."
- print "Please refer to ipa-server-install for uninstallation."
+ print "Refer to ipa-server-install for uninstallation."
 return 2
 sssdconfig = SSSDConfig.SSSDConfig()
@@ -345,6 +345,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
 opts.append({'name':'empty', 'type':'empty'})
+ ret = (0, None, None)
 # Depending on the release and distribution this may exist in any
 # number of different file names, update what we find
 for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -352,11 +353,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
 try:
 fstore.backup_file(filename)
 ldapconf.newConf(filename, opts)
+ return (0, 'LDAP', filename)
 except Exception, e:
 print "Creation of %s: %s" % (filename, str(e))
- return 1
+ return (1, 'LDAP', filename)
- return 0
+ return ret
 def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
 nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
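Review bot: In the `@@ -352,11 +353,12 @@` hunk the added `return (0, 'LDAP', filename)` sits inside the `try`, which appears to be in the body of the `for filename in [...]` loop shown in the previous hunk, so the function now stops at the first candidate file it writes. The comment above the loop says to "update what we find", and before this change every existing file was rewritten; a host that has both /etc/ldap.conf and /etc/pam_ldap.conf would keep whatever pam_ldap settings were there before while the installer reports success. Recording the result instead, `ret = (0, 'LDAP', filename)`, lets the loop continue and gives the `ret` variable added in the `@@ -345,6 +345,7 @@` hunk a purpose, since as written it is never reassigned. The line between the `for` and the `try` is outside both hunks, so the nesting is inferred.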
@@ -388,7 +390,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
 nslcdconf.newConf('/etc/nslcd.conf', opts)
 except Exception, e:
 print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
- return 1
+ return (1, None, None)
 if ipautil.service_is_installed('nslcd'):
 try:
@@ -403,8 +405,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
 logging.error("Failed to enable automatic startup of the NSLCD daemon: %s" % str(e))
 else:
 logging.debug("NSLCD daemon is not installed, skip configuration")
+ return (0, None, None)
- return 0
+ return (0, 'NSLCD', '/etc/nslcd.conf')
 def hardcode_ldap_server(cli_server):
 """
@@ -422,6 +425,7 @@ def hardcode_ldap_server(cli_server):
 # Errors raised by this should be caught by the caller
 ldapconf.changeConf("/etc/ldap.conf", opts)
+ print "Changed configuration of /etc/ldap.conf to use hardcoded server name: " +cli_server
 return
@@ -737,7 +741,7 @@ def main():
 if fstore.has_files():
 sys.exit("IPA client is already configured on this system.\n"
- + "If you want to reinstall the IPA client please uninstall it first.")
+ + "If you want to reinstall the IPA client, uninstall it first.")
 cli_domain = None
 cli_server = None
@@ -766,7 +770,7 @@ def main():
 if ret == ipadiscovery.BAD_HOST_CONFIG:
 print >>sys.stderr, "Can't get the fully qualified name of this host"
- print >>sys.stderr, "Please check that the client is properly configured"
+ print >>sys.stderr, "Check that the client is properly configured"
 return ret
 if ret == ipadiscovery.NOT_FQDN:
 print >>sys.stderr, "%s is not a fully-qualified hostname" % hostname
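Review bot: In the `@@ -403,8 +405,9 @@` hunk the final `return (0, 'NSLCD', '/etc/nslcd.conf')` is also reached when enabling the daemon failed, because the visible `logging.error("Failed to enable automatic startup of the NSLCD daemon ...")` path falls through to it; main() then prints "NSLCD configured using configuration file /etc/nslcd.conf" with nothing on the console to say the service is not active. Either print the failure to stderr as well as logging it, or document the contract with a comment such as `# service start/enable errors are logged only; the tuple reports the file written, not daemon state`. The failure return in the `@@ -388,7 +390,7 @@` hunk is `(1, None, None)` where configure_ldap_conf uses `(1, 'LDAP', filename)`; `return (1, 'NSLCD', '/etc/nslcd.conf')` would keep the two configurers parallel. The `try` blocks around the service calls start outside the hunk.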
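Review bot: In the `@@ -422,6 +425,7 @@` hunk the new message and the `changeConf` call above it are both fixed to /etc/ldap.conf, while configure_ldap_conf in this same commit can report any of four candidate files as the one it wrote. On a host where only /etc/nss_ldap.conf or /etc/libnss-ldap.conf exists the hard-coded path is not the file that was configured, and whether changeConf raises for an absent file is not visible here. Passing the reported file through with a default, `def hardcode_ldap_server(cli_server, filename="/etc/ldap.conf"):`, would keep existing callers working. The message would then also match the `%` formatting used in the rest of the file: `print "Changed configuration of %s to use hardcoded server name: %s" % (filename, cli_server)`.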
@@ -780,7 +784,7 @@ def main():
 return ret
 else:
 print "DNS discovery failed to determine your DNS domain"
- cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
+ cli_domain = user_input("Provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
 logging.debug("will use domain: %s\n", cli_domain)
 ret = ds.search(domain=cli_domain, server=options.server, hostname=hostname)
@@ -798,7 +802,7 @@ def main():
 return ret
 else:
 print "DNS discovery failed to find the IPA Server"
- cli_server = user_input("Please provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
+ cli_server = user_input("Provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
 logging.debug("will use server: %s\n", cli_server)
 ret = ds.search(domain=cli_domain, server=cli_server, hostname=hostname)
 else:
@@ -998,16 +1002,19 @@ def main():
 print >>sys.stderr, "Failed to configure automatic startup of the NSCD daemon"
 print >>sys.stderr, "Caching of users/groups will not be available after reboot"
 else:
- print >>sys.stderr, "Failed to disable NSCD daemon. Please disable it manually."
+ print >>sys.stderr, "Failed to disable NSCD daemon. Disable it manually."
 else:
 # this is optional service, just log
- logging.info("NSCD daemon is not installed, skip configuration")
+ if not options.sssd:
+ logging.info("NSCD daemon is not installed, skip configuration")
+ retcode, conf, filename = (0, None, None)
 # Modify nsswitch/pam stack
 if options.sssd:
 cmd = ["/usr/sbin/authconfig", "--enablesssd", "--enablesssdauth", "--update"]
 message = "SSSD enabled"
+ conf = 'SSSD'
 else:
 cmd = ["/usr/sbin/authconfig", "--enableldap", "--enableforcelegacy", "--update"]
 message = "LDAP enabled"
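Review bot: In the `@@ -998,16 +1002,19 @@` hunk `conf = 'SSSD'` is assigned while the authconfig command line is still being built, so the later "Recognized configuration: SSSD" diagnostic states what was requested and not what authconfig achieved. The call that runs `cmd` is outside this hunk, so whether a failure there returns before the diagnostic can be printed is not visible. The three names are also read far from where they are initialised, and `filename` stays None on the SSSD path; a comment at the initialisation would help, for example `# conf/filename: NSS backend the installer set up and the file it wrote; read by the getent check below`.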
@@ -1024,11 +1031,12 @@ def main():
 # Update non-SSSD LDAP configuration after authconfig calls as it would
 # change its configuration otherways
 if not options.sssd:
- if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
- return 1
- if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
- return 1
- print "LDAP configured"
+ for configurer in [configure_ldap_conf, configure_nslcd_conf]:
+ (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
+ if retcode:
+ return 1
+ if conf:
+ print "%s configured using configuration file %s" % (conf, filename)
 #Check that nss is working properly
 if not options.on_master:
@@ -1046,8 +1054,11 @@ def main():
 n = n + 1
 if not found:
- print "nss_ldap is not able to use DNS discovery!"
- print "Changing configuration to use hardcoded server name: " +cli_server
+ print "Unable to find 'admin' user with 'getent passwd admin'!"
+ if conf:
+ print "Recognized configuration: %s" % (conf)
+ else:
+ print "Unable to reliably detect configuration. Check NSS setup manually."
 try:
 hardcode_ldap_server(cli_server)
--
cgit
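Review bot: The loop in the `@@ -1024,11 +1031,12 @@` hunk unpacks every configurer's result into the same `conf` and `filename`, so the value that survives is the one from configure_nslcd_conf, the last entry in the list. When an LDAP file was configured but nslcd is not installed, configure_nslcd_conf returns `(0, None, None)` and `conf` goes back to None; the check in the next hunk then prints "Unable to reliably detect configuration. Check NSS setup manually." although LDAP was set up a moment earlier. Unpack into loop-local names and promote only a non-empty result: `(retcode, name, path) = configurer(...)`, then `if name: conf, filename = name, path` ahead of the print.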
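Review bot: In the `@@ -1046,8 +1054,11 @@` hunk the new `if conf:` / `else:` branch only changes what is printed; `hardcode_ldap_server(cli_server)` in the unchanged `try:` below it still runs for every value of `conf`, including 'SSSD' and None. That rewrites /etc/ldap.conf right after the user was told to check the NSS setup manually, or on an SSSD install where that file may not be what NSS reads. Guarding the fallback with `if conf == 'LDAP':` would tie it to the case it was written for. The enclosing `if not options.on_master:` block and the rest of the `try` are outside the hunk, so an existing guard further up cannot be ruled out.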