From b8f46b1ceecf9d2fb44dba68394fee8f435c8755 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Wed, 17 Sep 2008 13:13:42 -0600 Subject: fix issues brought up by initial review of ipa winsync enhancements --- ipa-server/ipa-install/ipa-replica-manage | 20 +++++++++++++------- ipa-server/ipa-install/share/indices.ldif | 13 +++++++++++++ .../ipa-winsync/ipa-winsync-config.c | 4 +++- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/ipa-server/ipa-install/ipa-replica-manage b/ipa-server/ipa-install/ipa-replica-manage index 2021eab68..c8e573504 100644 --- a/ipa-server/ipa-install/ipa-replica-manage +++ b/ipa-server/ipa-install/ipa-replica-manage @@ -93,19 +93,25 @@ def del_master(replman, hostname): def add_master(replman, hostname, options): other_args = {} - if options.winsync: - # these are the parameters required to create a winsync agreement - other_args['winsync'] = True - if options.port: - other_args['port'] = options.port + if options.port: + other_args['port'] = options.port + if options.binddn: other_args['binddn'] = options.binddn + if options.bindpw: other_args['bindpw'] = options.bindpw + if options.cacert: other_args['cacert'] = options.cacert - # have to install the windows ca cert before doing anything else + if options.winsync: + other_args['winsync'] = True + if not options.binddn or not options.bindpw or not options.cacert: + logging.error("The arguments --binddn, --bindpw, and --cacert are required to create a winsync agreement") + sys.exit(1) + if options.cacert: + # have to install the given CA cert before doing anything else ds = dsinstance.DsInstance(realm_name = get_realm_name(), dm_password = replman.dirman_passwd) if not ds.add_ca_cert(options.cacert): - logging.error("Could not load the required CA certificate file [%s] - cannot add winsync agreement" % + logging.error("Could not load the required CA certificate file [%s]" % options.cacert) sys.exit(1) # have to reconnect replman connection since the directory server was restarted diff --git a/ipa-server/ipa-install/share/indices.ldif b/ipa-server/ipa-install/share/indices.ldif index 632a28791..e00898316 100644 --- a/ipa-server/ipa-install/share/indices.ldif +++ b/ipa-server/ipa-install/share/indices.ldif @@ -82,3 +82,16 @@ nsSystemIndex:false nsIndexType:eq nsMatchingRule: integerOrderingMatch +dn: cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +objectClass: top +objectClass: nsIndex +cn: ntUniqueId +nsSystemIndex: false +nsIndexType: eq,pres + +dn: cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config +objectClass: top +objectClass: nsIndex +cn: ntUserDomainId +nsSystemIndex: false +nsIndexType: eq,pres diff --git a/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c b/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c index 7020847e3..f4c4484d9 100644 --- a/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c +++ b/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c @@ -110,7 +110,9 @@ ipa_winsync_config(Slapi_Entry *config_e) if ( inited ) { slapi_log_error( SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME, - "only one PAM pass through plugin instance can be used\n" ); + "Error: IPA WinSync plug-in already configured. " + "Please remove the plugin config entry [%s]\n", + slapi_entry_get_dn_const(config_e)); return( LDAP_PARAM_ERROR ); } -- cgit