From ea76d8c59af338f6a79ec87d7a931d2c8643e747 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 4 Aug 2010 10:09:35 -0400
Subject: Configure nslcd and a host of possible systems that use LDAP.

We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf,
/etc/libnss-ldap.conf and /etc/pam_ldap.conf.

nslcd is the replacement for nss_ldap.

ticket 50
---
 ipa-client/ipa-install/ipa-client-install | 62 ++++++++++++++++++++++++++-----
 1 file changed, 53 insertions(+), 9 deletions(-)

(limited to 'ipa-client/ipa-install/ipa-client-install')

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5952c941b..e0abfd67a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -31,7 +31,7 @@ try:
     import ipaclient.ipadiscovery
     import ipaclient.ipachangeconf
     import ipaclient.ntpconf
-    from ipapython.ipautil import run, user_input, CalledProcessError
+    from ipapython.ipautil import run, user_input, CalledProcessError, file_exists
     from ipapython import sysrestore
     from ipapython import version
     import SSSDConfig
@@ -303,12 +303,51 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
         opts.append({'name':'nss_srv_domain', 'type':'option', 'value':cli_domain})
 
     opts.append({'name':'empty', 'type':'empty'})
-    try:
-        fstore.backup_file("/etc/ldap.conf")
-        ldapconf.newConf("/etc/ldap.conf", opts)
-    except Exception, e:
-        print "Creation of /etc/ldap.conf: " + str(e)
-        return 1
+
+    # Depending on the release and distribution this may exist in any
+    # number of different file names, update what we find
+    for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
+        if file_exists(filename):
+            try:
+                fstore.backup_file(filename)
+                ldapconf.newConf(filename, opts)
+            except Exception, e:
+                print "Creation of %s: %s" % (filename, str(e))
+                return 1
+
+    return 0
+
+def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+    nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+    nslcdconf.setOptionAssignment(" ")
+
+    opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
+            {'name':'empty', 'type':'empty'},
+            {'name':'ldap_version', 'type':'option', 'value':'3'},
+            {'name':'base', 'type':'option', 'value':cli_basedn},
+            {'name':'empty', 'type':'empty'},
+            {'name':'base passwd', 'type':'option', 'value':'cn=users,cn=accounts,'+cli_basedn},
+            {'name':'base group', 'type':'option', 'value':'cn=groups,cn=accounts,'+cli_basedn},
+            {'name':'map group', 'type':'option', 'value':'uniqueMember member'},
+            {'name':'timelimit', 'type':'option', 'value':'15'},
+            {'name':'empty', 'type':'empty'}]
+    if not dnsok or options.force or options.on_master:
+        if options.on_master:
+            opts.append({'name':'uri', 'type':'option', 'value':'ldap://localhost'})
+        else:
+            opts.append({'name':'uri', 'type':'option', 'value':'ldap://'+cli_server})
+    else:
+        opts.append({'name':'uri', 'type':'option', 'value':'DNS'})
+
+    opts.append({'name':'empty', 'type':'empty'})
+
+    if file_exists('/etc/nslcd.conf'):
+        try:
+            fstore.backup_file('/etc/nslcd.conf')
+            nslcdconf.newConf('/etc/nslcd.conf', opts)
+        except Exception, e:
+            print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
+            return 1
 
     return 0
 
@@ -317,6 +356,9 @@ def hardcode_ldap_server(cli_server):
     DNS Discovery didn't return a valid IPA server, hardcode a value into
     the file instead.
     """
+    if not file_exists('/etc/ldap.conf'):
+        return
+
     ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     ldapconf.setOptionAssignment(" ")
 
@@ -537,7 +579,7 @@ def main():
 
     if not options.unattended:
         if options.principal is None and options.password is None and options.prompt_password is False:
-            options.principal = user_input("Principal", allow_empty=False)
+            options.principal = user_input("Enrollment principal", allow_empty=False)
 
     # Get the CA certificate
     try:
@@ -628,7 +670,9 @@ def main():
     else:
         if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
             return 1
-        print "Configured /etc/ldap.conf"
+        if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+            return 1
+        print "Configured LDAP"
 
     # Add the CA to the default NSS database and trust it
     run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
-- 
cgit