From b87a025ce895c554a1bf944772af04fe5da7f805 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 26 Nov 2008 18:24:36 -0500
Subject: Add tool to enable or disable the schema compatibility plugin
---
ipa-server/ipa-compat-manage | 157 +++++++++++++++++++++
ipa-server/ipa-install/share/schema_compat.uldif | 50 +++++++
.../updates/schema_compatibility.update | 50 -------
3 files changed, 207 insertions(+), 50 deletions(-)
create mode 100755 ipa-server/ipa-compat-manage
create mode 100644 ipa-server/ipa-install/share/schema_compat.uldif
delete mode 100644 ipa-server/ipa-install/updates/schema_compatibility.update
diff --git a/ipa-server/ipa-compat-manage b/ipa-server/ipa-compat-manage
new file mode 100755
index 000000000..048d6fd2f
--- /dev/null
+++ b/ipa-server/ipa-compat-manage
@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+# Authors: Rob Crittenden
+# Authors: Simo Sorce
+#
+# Copyright (C) 2008 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+try:
+ from optparse import OptionParser
+ from ipaserver import ipaldap
+ from ipa import entity, ipaerror, ipautil, config
+ from ipaserver import installutils
+ from ipaserver.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ import ldap
+ import logging
+ import re
+ import krbV
+ import platform
+ import shlex
+ import time
+ import random
+except ImportError:
+ print >> sys.stderr, """\
+There was a problem importing one of the required Python modules. The
+error was:
+
+ %s
+""" % sys.exc_value
+ sys.exit(1)
+
+def parse_options():
+ usage = "%prog [options] \n"
+ usage += "%prog [options]\n"
+ parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
+
+ parser.add_option("-d", "--debug", action="store_true", dest="debug",
+ help="Display debugging information about the update(s)")
+ parser.add_option("-y", dest="password",
+ help="File containing the Directory Manager password")
+
+ config.add_standard_options(parser)
+ options, args = parser.parse_args()
+
+ config.init_config(options)
+
+ return options, args
+
+def get_dirman_password():
+ """Prompt the user for the Directory Manager password and verify its
+ correctness.
+ """
+ password = installutils.read_password("Directory Manager", confirm=False, validate=False)
+
+ return password
+
+def main():
+ retval = 0
+ loglevel = logging.NOTSET
+ files=['/usr/share/ipa/schema_compat.uldif']
+
+ options, args = parse_options()
+ if options.debug:
+ loglevel = logging.DEBUG
+
+ if len(args) != 1:
+ print "You must specify one action, either enable or disable"
+ sys.exit(1)
+ elif args[0] != "enable" and args[0] != "disable":
+ print "Unrecognized action [" + args[0] + "]"
+ sys.exit(1)
+
+ logging.basicConfig(level=loglevel,
+ format='%(levelname)s %(message)s')
+
+ dirman_password = ""
+ if options.password:
+ pw = read_file(options.password)
+ dirman_password = pw[0].strip()
+ else:
+ dirman_password = get_dirman_password()
+
+ if args[0] == "enable":
+ try:
+ conn = ipaldap.IPAdmin(installutils.get_fqdn())
+ conn.do_simple_bind(bindpw=dirman_password)
+ conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
+ ldap.SCOPE_BASE, "(objectclass=*)")
+ print "Plugin already Enabled"
+ retval = 2
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ print "Enabling plugin"
+ finally:
+ if conn:
+ conn.unbind()
+
+ if retval == 0:
+ ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+ retval = ld.update(files)
+ if retval == 0:
+ print "This setting will not take effect until you restart Directory Server."
+
+ elif args[0] == "disable":
+ # Make a quick hack foir now, directly delete the entries by name,
+ # In future we should add delete capabilites to LDAPUpdate
+ try:
+ conn = ipaldap.IPAdmin(installutils.get_fqdn())
+ conn.do_simple_bind(bindpw=dirman_password)
+ conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
+ ldap.SCOPE_BASE, "(objectclass=*)")
+ conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
+ conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
+ conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
+ except ipaerror.exception_for(ipaerror.LDAP_NOT_FOUND):
+ print "Plugin is already disabled"
+ retval = 2
+ finally:
+ if conn:
+ conn.unbind()
+
+ else:
+ retval = 1
+
+ return retval
+
+try:
+ if __name__ == "__main__":
+ sys.exit(main())
+except BadSyntax, e:
+ print "There is a syntax error in this update file:"
+ print " %s" % e
+ sys.exit(1)
+except RuntimeError, e:
+ print "%s" % e
+ sys.exit(1)
+except SystemExit, e:
+ sys.exit(e)
+except KeyboardInterrupt, e:
+ sys.exit(1)
+except config.IPAConfigError, e:
+ print "An IPA server to update cannot be found. Has one been configured yet?"
+ print "The error was: %s" % e
+ sys.exit(1)
diff --git a/ipa-server/ipa-install/share/schema_compat.uldif b/ipa-server/ipa-install/share/schema_compat.uldif
new file mode 100644
index 000000000..71732c995
--- /dev/null
+++ b/ipa-server/ipa-install/share/schema_compat.uldif
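Review bot: `read_file` is called in main() on the `-y` path (`pw = read_file(options.password)`) but is neither defined in this file nor among the names it imports, so supplying a password file ends in a NameError that none of the handlers at the bottom of the script catch, leaving the interactive prompt as the only working way to provide the Directory Manager password. Reading the file directly would do, e.g. `dirman_password = open(options.password).readline().strip()`, with an explicit error for an empty file instead of letting `pw[0]` raise IndexError. Separately, both `finally: if conn: conn.unbind()` blocks reference `conn` before it is guaranteed to exist: if `ipaldap.IPAdmin(...)` raises, the cleanup itself fails and hides the real connection error, so add `conn = None` before each `try:`. In the disable branch a missing child entry presumably raises the same not-found exception as a missing plugin entry, in which case the tool prints "Plugin is already disabled" while `cn=Schema Compatibility,cn=plugins,cn=config` is still present; handling not-found per `deleteEntry` call would avoid reporting a state that was not reached.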
@@ -0,0 +1,50 @@
+#
+# Enable the Schema Compatibility plugin provided by slapi-nis.
+#
+# http://slapi-nis.fedorahosted.org/
+#
+dn: cn=Schema Compatibility, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: nsSlapdPlugin
+default:objectclass: extensibleObject
+default:cn: Schema Compatibility
+default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/schemacompat-plugin.so
+default:nsslapd-plugininitfunc: schema_compat_plugin_init
+default:nsslapd-plugintype: object
+default:nsslapd-pluginenabled: on
+default:nsslapd-pluginid: schema-compat-plugin
+default:nsslapd-pluginversion: 0.8
+default:nsslapd-pluginvendor: redhat.com
+default:nsslapd-plugindescription: Schema Compatibility Plugin
+
+dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: users
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=users
+default:schema-compat-search-base: cn=users, cn=accounts, $SUFFIX
+default:schema-compat-search-filter: objectclass=posixAccount
+default:schema-compat-entry-rdn: uid=%{uid}
+default:schema-compat-entry-attribute: objectclass=posixAccount
+default:schema-compat-entry-attribute: gecos=%{cn}
+default:schema-compat-entry-attribute: cn=%{cn}
+default:schema-compat-entry-attribute: uidNumber=%{uidNumber}
+default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
+default:schema-compat-entry-attribute: loginShell=%{loginShell}
+default:schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
+
+dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config
+default:objectClass: top
+default:objectClass: extensibleObject
+default:cn: groups
+default:schema-compat-container-group: cn=compat, $SUFFIX
+default:schema-compat-container-rdn: cn=groups
+default:schema-compat-search-base: cn=groups, cn=accounts, $SUFFIX
+default:schema-compat-search-filter: objectclass=posixGroup
+default:schema-compat-entry-rdn: cn=%{cn}
+default:schema-compat-entry-attribute: objectclass=posixGroup
+default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
+default:schema-compat-entry-attribute: memberUid=%{memberUid}
+default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
+default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
diff --git a/ipa-server/ipa-install/updates/schema_compatibility.update b/ipa-server/ipa-install/updates/schema_compatibility.update
deleted file mode 100644
index 71732c995..000000000
--- a/ipa-server/ipa-install/updates/schema_compatibility.update
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Enable the Schema Compatibility plugin provided by slapi-nis.
-#
-# http://slapi-nis.fedorahosted.org/
-#
-dn: cn=Schema Compatibility, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: nsSlapdPlugin
-default:objectclass: extensibleObject
-default:cn: Schema Compatibility
-default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/schemacompat-plugin.so
-default:nsslapd-plugininitfunc: schema_compat_plugin_init
-default:nsslapd-plugintype: object
-default:nsslapd-pluginenabled: on
-default:nsslapd-pluginid: schema-compat-plugin
-default:nsslapd-pluginversion: 0.8
-default:nsslapd-pluginvendor: redhat.com
-default:nsslapd-plugindescription: Schema Compatibility Plugin
-
-dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config
-default:objectClass: top
-default:objectClass: extensibleObject
-default:cn: users
-default:schema-compat-container-group: cn=compat, $SUFFIX
-default:schema-compat-container-rdn: cn=users
-default:schema-compat-search-base: cn=users, cn=accounts, $SUFFIX
-default:schema-compat-search-filter: objectclass=posixAccount
-default:schema-compat-entry-rdn: uid=%{uid}
-default:schema-compat-entry-attribute: objectclass=posixAccount
-default:schema-compat-entry-attribute: gecos=%{cn}
-default:schema-compat-entry-attribute: cn=%{cn}
-default:schema-compat-entry-attribute: uidNumber=%{uidNumber}
-default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
-default:schema-compat-entry-attribute: loginShell=%{loginShell}
-default:schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
-
-dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config
-default:objectClass: top
-default:objectClass: extensibleObject
-default:cn: groups
-default:schema-compat-container-group: cn=compat, $SUFFIX
-default:schema-compat-container-rdn: cn=groups
-default:schema-compat-search-base: cn=groups, cn=accounts, $SUFFIX
-default:schema-compat-search-filter: objectclass=posixGroup
-default:schema-compat-entry-rdn: cn=%{cn}
-default:schema-compat-entry-attribute: objectclass=posixGroup
-default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
-default:schema-compat-entry-attribute: memberUid=%{memberUid}
-default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
-default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
-- cgit