From f736253b93bbb58000ae4ca0de63f9d6340f570a Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 15 Sep 2008 18:15:12 -0400 Subject: Run the LDAP updater at the end of the installation process. Running at the end ensures that /etc/ipa/ipa.conf is created and generally makes it more likely to succeed. Added a new argument to ipa-server-installl, -y , so we don't have to pass it on the command-line. --- ipa-server/ipa-install/ipa-server-install | 5 +++++ ipa-server/ipa-ldap-updater | 9 ++++++++- ipa-server/ipaserver/dsinstance.py | 20 ++++++++++++++++++++ ipa-server/man/ipa-ldap-updater.1 | 3 +++ 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index d80bd7871..2ac2638cf 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -540,6 +540,11 @@ def main(): else: bind.create_sample_bind_zone() + # Apply any LDAP updates. Needs to be done after the configuration file + # is created + service.print_msg("Applying LDAP updates") + ds.apply_updates() + # Restart ds and krb after configurations have been changed service.print_msg("restarting the directory server") ds.restart() diff --git a/ipa-server/ipa-ldap-updater b/ipa-server/ipa-ldap-updater index 86a9fe9b1..0d378bb71 100755 --- a/ipa-server/ipa-ldap-updater +++ b/ipa-server/ipa-ldap-updater @@ -69,6 +69,8 @@ def parse_options(): help="Display debugging information about the update(s)") parser.add_option("-t", "--test", action="store_true", dest="test", help="Run through the update without changing anything") + parser.add_option("-y", dest="password", + help="File containing the Directory Manager password") config.add_standard_options(parser) options, args = parser.parse_args() @@ -565,7 +567,12 @@ def main(): "DOMAIN" : domain, "SUFFIX" : suffix, "LIBARCH" : libarch, "TIME" : int(time.time()) } - dirman_password = get_dirman_password(fqdn) + dirman_password = "" + if options.password: + pw = read_file(options.password) + dirman_password = pw[0].strip() + else: + dirman_password = get_dirman_password(fqdn) files=[] if len(args) < 1: diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index d313b4ed2..5c7cadd55 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py @@ -304,6 +304,26 @@ class DsInstance(service.Service): def init_memberof(self): self.__ldap_mod("memberof-task.ldif", self.sub_dict) + def apply_updates(self): + """Run the ipa-ldap-updater tool. Needs to be run after the + configuration file /etc/ipa/ipa.conf has been created. + """ + [pw_fd, pw_name] = tempfile.mkstemp() + os.write(pw_fd, self.dm_password) + os.close(pw_fd) + + try: + args = ["/usr/sbin/ipa-ldap-updater", + "-y", pw_name] + try: + ipautil.run(args) + logging.debug("Updates applied") + except ipautil.CalledProcessError, e: + print "Unable to apply updates", e + logging.debug("Unable to apply updates%s" % e) + finally: + os.remove(pw_name) + def __add_referint_module(self): self.__ldap_mod("referint-conf.ldif") diff --git a/ipa-server/man/ipa-ldap-updater.1 b/ipa-server/man/ipa-ldap-updater.1 index 583f8931d..4a1dd5cda 100644 --- a/ipa-server/man/ipa-ldap-updater.1 +++ b/ipa-server/man/ipa-ldap-updater.1 @@ -67,6 +67,9 @@ Enable debug logging when more verbose output is needed .TP \fB\-t\fR, \fB\-\-test\fR Run through the update without changing anything +.TP +\fB\-y\fR +File containing the Directory Manager password .SH "EXIT STATUS" 0 if the command was successful -- cgit