From ed488c63496b3a99169c3f84282bf943c6b36b5a Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 14 Jul 2010 13:56:46 -0400 Subject: Fix ipa-compat-manage and ipa-nis-manage Neither of these was working properly, I assume due to changes in the ldap backend. The normalizer now appends the basedn if it isn't included and this was causing havoc with these utilities. After fixing the basics I found a few corner cases that I also addressed: - you can't/shouldn't disable compat if the nis plugin is enabled - we always want to load the nis LDAP update so we get the netgroup config - LDAPupdate.update() returns True/False, not an integer I took some time and fixed up some things pylint complained about too. Ticket #83 --- install/tools/ipa-compat-manage | 60 ++++++++++++++++---------- install/tools/ipa-nis-manage | 94 +++++++++++++++++++++++++++-------------- 2 files changed, 100 insertions(+), 54 deletions(-) (limited to 'install/tools') diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index b22ce77f9..3128ed718 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -22,18 +22,12 @@ import sys try: from optparse import OptionParser - from ipapython import entity, ipautil, config + from ipapython import ipautil, config from ipaserver.install import installutils - from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR + from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 - from ipalib import errors + from ipalib import api, errors import logging - import re - import krbV - import platform - import shlex - import time - import random except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The 
@@ -43,6 +37,8 @@ error was: """ % sys.exc_value sys.exit(1) +netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config" + def parse_options(): usage = "%prog [options] \n" usage += "%prog [options]\n" @@ -71,7 +67,7 @@ def get_dirman_password(): def main(): retval = 0 loglevel = logging.ERROR - files=['/usr/share/ipa/schema_compat.uldif'] + files = ['/usr/share/ipa/schema_compat.uldif'] options, args = parse_options() if options.debug: @@ -94,6 +90,9 @@ def main(): else: dirman_password = get_dirman_password() + api.bootstrap(context='cli', debug=options.debug) + api.finalize() + conn = None try: ldapuri = 'ldap://%s' % installutils.get_fqdn() 
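Review bot: The `cn=directory manager` bind that follows this hunk goes to the `ldap://` URI built on its last context line (`ldapuri = 'ldap://%s' % installutils.get_fqdn()`), and nothing visible in the patch upgrades that connection before the password is sent. The lines between that assignment and `conn.connect(...)` are outside the hunks, so confirm whether StartTLS is negotiated there; if it is not, the bind password is readable by anything that can observe the connection. The URI targets the host's own FQDN, so an `ldapi://` socket or an `ldaps://` URI looks like a workable way to remove that exposure. The commit leaves this as it was, and ipa-nis-manage has the same context in its `-99,6 +104,9` hunk.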
@@ -102,42 +101,57 @@ def main(): conn.connect( bind_dn='cn=directory manager', bind_pw=dirman_password ) - except errors.LDAPError, e: + except errors.LDAPError, lde: print "An error occurred while connecting to the server." - print e + print lde return 1 if args[0] == "enable": try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config') + conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) print "Plugin already Enabled" retval = 2 except errors.NotFound: print "Enabling plugin" - except errors.LDAPError, e: + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 if retval == 0: ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) - retval = ld.update(files) - if retval == 0: + rv = ld.update(files) + if rv: print "This setting will not take effect until you restart Directory Server." + else: + print "Updating Directory Server failed." + retval = 1 elif args[0] == "disable": - # Make a quick hack foir now, directly delete the entries by name, + # We can't disable schema compat if the NIS plugin is enabled + try: + conn.get_entry(netgroup_compat_dn, normalize=False) + print "The NIS plugin is configured, cannot disable compatibility." + print "Run 'ipa-nis-manage disable' first." 
+ return 2 + except errors.NotFound: + pass + # Make a quick hack for now, directly delete the entries by name, # In future we should add delete capabilites to LDAPUpdate try: - conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config') - conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config') - conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config') + conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) except errors.NotFound: print "Plugin is already disabled" retval = 2 - except errors.LDAPError, e: + except errors.DatabaseError, dbe: + print "An error occurred while talking to the server." + print lde + retval = 1 + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 else: diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 22cfd432e..706b0e630 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -22,11 +22,11 @@ import sys try: from optparse import OptionParser - from ipapython import entity, ipautil, config + from ipapython import ipautil, config from ipaserver.install import installutils - from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR + from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 - from ipalib import errors + from ipalib import api, errors import logging except ImportError: print >> sys.stderr, """\ @@ -38,6 +38,7 @@ error was: sys.exit(1) nis_config_dn = "cn=NIS Server, cn=plugins, cn=config" +compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config" def parse_options(): usage = "%prog [options] \n" 
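Review bot: The new `except errors.DatabaseError, dbe:` handler in the disable branch prints `lde` instead of `dbe`. No earlier handler on that path has bound `lde`, so the print would raise instead of reporting the server error; it should read `print dbe`. The same slip is in the netgroup-compat cleanup added to ipa-nis-manage's disable branch (last hunk of this patch), where `lde` is either unbound or left over from the preceding handler. Separately, the new NIS pre-check around `conn.get_entry(netgroup_compat_dn, normalize=False)` catches only `errors.NotFound`, so any other `errors.LDAPError` bypasses the tool's error message unless it is caught outside this hunk. `main()` starts and ends outside the hunk.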
@@ -64,10 +65,14 @@ def get_dirman_password(): return password -def get_nis_config(conn): +def get_entry(dn, conn): + """ + Return the entry for the given DN. If the entry is not found return + None. + """ entry = None try: - (dn, entry) = conn.get_entry(nis_config_dn) + (dn, entry) = conn.get_entry(dn, normalize=False) except errors.NotFound: pass return entry @@ -75,7 +80,7 @@ def get_nis_config(conn): def main(): retval = 0 loglevel = logging.ERROR - files=['/usr/share/ipa/nis.uldif'] + files = ['/usr/share/ipa/nis.uldif'] servicemsg = "" options, args = parse_options() @@ -99,6 +104,9 @@ def main(): else: dirman_password = get_dirman_password() + api.bootstrap(context='cli', debug=options.debug) + api.finalize() + conn = None try: ldapuri = 'ldap://%s' % installutils.get_fqdn() 
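Review bot: `get_entry()` swallows only `errors.NotFound`, but its docstring does not say that every other LDAP error propagates to the caller. That matters for the new `compat = get_entry(compat_dn, conn)` call in the enable branch (a later hunk), which sits outside any `try`, unlike the `nis_config_dn` lookup right after it. I would add `Other LDAP errors are propagated to the caller.` to the docstring and move the compat lookup inside the existing `try`. The tuple unpack also rebinds the `dn` parameter; `(_, entry) = conn.get_entry(dn, normalize=False)` would make it clear that only the entry is used.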
@@ -107,62 +115,86 @@ def main(): conn.connect( bind_dn='cn=directory manager', bind_pw=dirman_password ) - except errors.LDAPError, e: + except errors.LDAPError, lde: print "An error occurred while connecting to the server." - print e + print lde return 1 if args[0] == "enable": + compat = get_entry(compat_dn, conn) + if compat is None: + print "The compat plugin needs to be enabled: ipa-compat-manage enable" + return 1 entry = None try: - entry = get_nis_config(conn) - except errors.LDAPError, e: + entry = get_entry(nis_config_dn, conn) + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 # Enable either the portmap or rpcbind service try: ipautil.run(["/sbin/chkconfig", "portmap", "on"]) servicemsg = "portmap" - except ipautil.CalledProcessError, e: - if e.returncode == 1: + except ipautil.CalledProcessError, cpe: + if cpe.returncode == 1: try: ipautil.run(["/sbin/chkconfig", "rpcbind", "on"]) servicemsg = "rpcbind" - except ipautil.CalledProcessError, e: + except ipautil.CalledProcessError, cpe: print "Unable to enable either portmap or rpcbind" retval = 3 - if entry is None: + # The cn=config entry for the plugin may already exist but it + # could be turned off, handle both cases. 
+ if (entry is None or + entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off'): + # Already configured, just enable the plugin print "Enabling plugin" - - if entry is None: - # Load the plugin configuration - ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) - retval = ld.update(files) + ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) + if ld.update(files) != True: + retval = 1 + mod = {'nsslapd-pluginenabled': 'on'} + try: + conn.update_entry(nis_config_dn, mod, normalize=False) + except errors.EmptyModlist: + # plugin is already enabled, silently continue + pass else: - if entry.get('nsslapd-pluginenabled', '').lower() == 'off': - # Already configured, just enable the plugin - print "Enabling plugin" - mod = {'nsslapd-pluginenabled': 'on'} - conn.update_entry(nis_config_dn, mod) - else: - print "Plugin already Enabled" - retval = 2 + print "Plugin already Enabled" + retval = 2 elif args[0] == "disable": try: mod = {'nsslapd-pluginenabled': 'off'} - conn.update_entry(nis_config_dn, mod) + conn.update_entry(nis_config_dn, mod, normalize=False) except errors.NotFound: print "Plugin is already disabled" retval = 2 - except errors.LDAPError, e: + except errors.EmptyModlist: + print "Plugin is already disabled" + retval = 2 + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 + # delete the netgroups compat area. + try: + conn.delete_entry('cn=ng,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + except errors.NotFound: + pass + except errors.DatabaseError, dbe: + print "An error occurred while talking to the server." + print lde + retval = 1 + except errors.LDAPError, lde: + print "An error occurred while talking to the server." + print lde + retval = 1 + + else: retval = 1 -- cgit
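Review bot: In the enable branch a failed `ld.update(files)` only sets `retval = 1`, and execution still falls through to `conn.update_entry(nis_config_dn, mod, normalize=False)`. Only `errors.EmptyModlist` is caught there, so a missing NIS entry or any other LDAP failure would bypass the tool's usual error message unless something outside the hunk catches it. The retained comment `# Already configured, just enable the plugin` also no longer matches a branch that now covers `entry is None`. I would stop on update failure (`if not ld.update(files):` instead of `!= True`) and handle `errors.LDAPError` around the modify, as sketched below. `main()` starts and ends outside this hunk.

```python
            ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
            if not ld.update(files):
                print "Updating Directory Server failed."
                return 1
            # … unchanged: mod dict, update_entry call, EmptyModlist handler …
            except errors.LDAPError, lde:
                print "An error occurred while talking to the server."
                print lde
                retval = 1
```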