From df7ee2ccf5ff12ab43b1a97385b4f28bc64ef083 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 21 Jul 2011 16:00:27 +0200 Subject: Fix ipa-compat-manage not working after recent ipa-nis-manage change. ticket 1147 --- install/tools/ipa-compat-manage | 108 +++++++++++++++++++++++++--------------- install/tools/ipa-nis-manage | 2 +- 2 files changed, 68 insertions(+), 42 deletions(-) (limited to 'install') diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 1203b00aa..07531fddc 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -37,7 +37,8 @@ error was: """ % sys.exc_value sys.exit(1) -netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config" +compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config" +nis_config_dn = "cn=NIS Server,cn=plugins,cn=config" def parse_options(): usage = "%prog [options] \n" @@ -64,6 +65,18 @@ def get_dirman_password(): return password +def get_entry(dn, conn): + """ + Return the entry for the given DN. If the entry is not found return + None. + """ + entry = None + try: + (dn, entry) = conn.get_entry(dn, normalize=False) + except errors.NotFound: + pass + return entry + def main(): retval = 0 loglevel = logging.ERROR @@ -104,68 +117,81 @@ def main(): sys.exit("Authentication failed: %s" % e.info) if args[0] == "status": + entry = None try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - print "Plugin Enabled" - except errors.NotFound: - print "Plugin Disabled" + entry = get_entry(compat_dn, conn) + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print "Plugin Enabled" + else: + print "Plugin Disabled" except errors.LDAPError, lde: print "An error occurred while talking to the server." print lde - return 0 if args[0] == "enable": + entry = None try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - print "Plugin already Enabled" - retval = 2 - except errors.NotFound: - print "Enabling plugin" + entry = get_entry(compat_dn, conn) + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print "Plugin already Enabled" + retval = 2 + else: + print "Enabling plugin" + + if entry is None: + ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) + if not ld.update(files): + print "Updating Directory Server failed." + retval = 1 + else: + mod = {'nsslapd-pluginenabled': 'on'} + conn.update_entry(compat_dn, mod, normalize=False) except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 - if retval == 0: - ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) - rv = ld.update(files) - if rv: - print "This setting will not take effect until you restart Directory Server." - else: - print "Updating Directory Server failed." - retval = 1 - elif args[0] == "disable": - # We can't disable schema compat if the NIS plugin is enabled - try: - conn.get_entry(netgroup_compat_dn, normalize=False) - print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." - print >>sys.stderr, "Run 'ipa-nis-manage disable' first." - sys.exit(2) - except errors.NotFound: - pass - # Make a quick hack for now, directly delete the entries by name, - # In future we should add delete capabilites to LDAPUpdate + entry = None try: - conn.delete_entry('cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - except errors.NotFound: - print "Plugin is already disabled" - retval = 2 - except errors.DatabaseError, dbe: - print "An error occurred while talking to the server." - print dbe - retval = 1 + entry = get_entry(nis_config_dn, conn) + # We can't disable schema compat if the NIS plugin is enabled + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." + print >>sys.stderr, "Run 'ipa-nis-manage disable' first." + retval = 2 except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 + if retval == 0: + entry = None + try: + entry = get_entry(compat_dn, conn) + if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': + print "Plugin is already disabled" + retval = 2 + else: + print "Disabling plugin" + + mod = {'nsslapd-pluginenabled': 'off'} + conn.update_entry(compat_dn, mod, normalize=False) + except errors.DatabaseError, dbe: + print "An error occurred while talking to the server." + print dbe + retval = 1 + except errors.ExecutionError, lde: + print "An error occurred while talking to the server." + print lde + retval = 1 + else: retval = 1 + if retval == 0: + print "This setting will not take effect until you restart Directory Server." + finally: if conn and conn.isconnected(): conn.disconnect() diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 3625ae03a..d875f96de 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -131,7 +131,7 @@ def main(): if args[0] == "enable": compat = get_entry(compat_dn, conn) - if compat is None: + if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable") entry = None try: -- cgit