From e7731244749028b11d89e8ac745a5d16f7d470e2 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 18 May 2011 17:06:15 +0200 Subject: Fix support for nss-pam-ldapd Client installation with --no-sssd option was broken if the client was based on a nss-pam-ldap instead of nss_ldap. The main issue is with authconfig rewriting the nslcd.conf after it has been configured by ipa-client-install. This has been fixed by changing an order of installation steps. Additionally, nslcd daemon needed for nss-pam-ldap function is correctly started. https://fedorahosted.org/freeipa/ticket/1235 --- ipa-client/ipa-install/ipa-client-install | 59 +++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 14 deletions(-) (limited to 'ipa-client/ipa-install/ipa-client-install') diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 67196022a..3b6385ef2 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -240,7 +240,7 @@ def uninstall(options, env): ipautil.service_restart('nscd') except: print "Failed to restart start the NSCD daemon" - + try: ipautil.chkconfig_on('nscd') except: @@ -249,6 +249,20 @@ def uninstall(options, env): # this is optional service, just log logging.info("NSCD daemon is not installed, skip configuration") + if ipautil.service_is_installed('nslcd'): + try: + ipautil.service_stop('nslcd') + except: + print "Failed to stop the NSLCD daemon" + + try: + ipautil.chkconfig_off('nslcd') + except: + print "Failed to disable automatic startup of the NSLCD daemon" + else: + # this is optional service, just log + logging.info("NSLCD daemon is not installed, skip configuration") + if not options.unattended: print "The original nsswitch.conf configuration has been restored." print "You may need to restart services or reboot the machine." 
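Review bot: In the second hunk of uninstall() (@@ -249,6 +249,20), nslcd is stopped and `chkconfig_off('nslcd')` is called whenever the service is installed, with no check of whether it was running or enabled before the client was installed. Nothing in the visible lines records that earlier state, so a host that already used nslcd for another LDAP directory could lose user and group lookups after an uninstall; if the installer can save the state, it should be restored here instead. The two bare `except:` clauses also throw away the failure reason, unlike the install path in this same commit, which uses `except Exception, e:` with `logging.error(...)`. I would write `except Exception, e:` and add `logging.error("Failed to stop the NSLCD daemon: %s" % str(e))` next to the print. uninstall() starts and ends outside the hunk.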
@@ -365,6 +379,20 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e)) return 1 + if ipautil.service_is_installed('nslcd'): + try: + ipautil.service_restart('nslcd') + except Exception, e: + logging.error("nslcd failed to restart: %s" % str(e)) + + try: + ipautil.chkconfig_on('nslcd') + except Exception, e: + print "Failed to configure automatic startup of the NSLCD daemon" + logging.error("Failed to enable automatic startup of the NSLCD daemon: %s" % str(e)) + else: + logging.debug("NSLCD daemon is not installed, skip configuration") + return 0 def hardcode_ldap_server(cli_server): @@ -667,7 +695,7 @@ def main(): ds = ipaclient.ipadiscovery.IPADiscovery() ret = ds.search(domain=options.domain, server=options.server) - + if ret == -10: print >>sys.stderr, "Can't get the fully qualified name of this host" print >>sys.stderr, "Please check that the client is properly configured" @@ -684,7 +712,7 @@ def main(): cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False) logging.debug("will use domain: %s\n", cli_domain) ret = ds.search(domain=cli_domain, server=options.server) - + if not cli_domain: if ds.getDomainName(): cli_domain = ds.getDomainName() @@ -856,12 +884,6 @@ def main(): if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): return 1 print "Configured /etc/sssd/sssd.conf" - else: - if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): - return 1 - if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): - return 1 - print "Configured LDAP" # Add the CA to the default NSS database and trust it run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) 
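Review bot: A failed `ipautil.service_restart('nslcd')` in configure_nslcd_conf() (@@ -365,6 +379,20) is only written to the log and the function still reaches `return 0`, so the caller reports the LDAP setup as done while nslcd may be stopped or still running with its old configuration. The `chkconfig_on` branch right below it also prints to the user; the restart branch should at least do the same, e.g. `print "Failed to restart the NSLCD daemon"`. If a non-running nslcd should abort a --no-sssd install, returning non-zero here would be the stricter choice. The function starts outside the hunk.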
@@ -898,7 +920,7 @@ def main(): print >>sys.stderr, "Failed to %s the NSCD daemon" % nscd_service_action if not options.sssd: print >>sys.stderr, "Caching of users/groups will not be available" - + try: nscd_chkconfig_cmd('nscd') except: @@ -922,6 +944,19 @@ def main(): run(cmd) print message + #Modify pam to add pam_krb5 + run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"]) + print "Kerberos 5 enabled" + + # Update non-SSSD LDAP configuration after authconfig calls as it would + # change its configuration otherways + if not options.sssd: + if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): + return 1 + if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options): + return 1 + print "LDAP configured" + #Check that nss is working properly if not options.on_master: n = 0 @@ -946,10 +981,6 @@ def main(): except Exception, e: sys.exit("Adding hardcoded server name to /etc/ldap.conf failed: " + str(e)) - #Modify pam to add pam_krb5 - run(["/usr/sbin/authconfig", "--enablekrb5", "--update", "--nostart"]) - print "Kerberos 5 enabled" - if options.conf_ntp and not options.on_master: if options.ntp_server: ntp_server = options.ntp_server -- cgit
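Review bot: With the non-SSSD block moved behind the authconfig calls in main() (@@ -922,6 +944,19), its two `return 1` paths now fire after the IPA CA was added to /etc/pki/nssdb and after `authconfig --enablekrb5 --update` changed PAM, whereas the removed block returned before either step. A failure in configure_ldap_conf() or configure_nslcd_conf() therefore leaves the host with a partly rewritten authentication setup, and nothing tells the administrator. I would print a hint before returning, for example `print >>sys.stderr, "LDAP configuration failed, run ipa-client-install --uninstall to restore the original configuration"`. The new comment should read "otherwise" and name authconfig rewriting nslcd.conf as the reason for the ordering, so that a later reorder does not bring the bug back. main() continues outside the hunk.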