From 005b74d869ce240018985fd8abc752a5e200eb74 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <ohamada@redhat.com>
Date: Mon, 5 Dec 2011 10:19:10 +0100
Subject: Client install checks for nss_ldap

In order to check presence of nss_ldap or nss-pam-ldapd when installing
client with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of one of nss_ldap configuration files.
This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap module and hence the presence of it is checked by looking for
'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against
existence of 'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by two different
functions, the function returns tuple containing return code and dictionary
structure - its key is name of target function and value is list of existing
configuration files. Files to check are specified inside the
nssldap_exists() function. nssldap_exists() also returns True if any of
the mandatory files was found, otherwise returns False.

In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They accept one more
parameter which is list of existing files.  They are not checking existence
of above mentioned files anymore.

https://fedorahosted.org/freeipa/ticket/2063
---
 ipa-client/ipa-install/ipa-client-install | 62 ++++++++++++++++++++++---------
 1 file changed, 44 insertions(+), 18 deletions(-)

(limited to 'ipa-client/ipa-install')

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 0a040b8fa..e763d07a7 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -145,6 +145,27 @@ def nickname_exists(nickname):
         else:
             return False
 
+# Checks whether nss_ldap or nss-pam-ldapd is installed. If anyone of mandatory files was found returns True and list of all files found.
+def nssldap_exists():
+    files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']},
+                      {'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}]
+    files_found = {}
+    retval = False
+
+    for function in files_to_check:
+        files_found[function['function']]=[]
+        for file_type in ['mandatory','optional']:
+            try:
+                for filename in function[file_type]:
+                    if file_exists(filename):
+                        files_found[function['function']].append(filename)
+                        if file_type == 'mandatory':
+                            retval = True
+            except KeyError:
+                pass
+
+    return (retval, files_found)
+
 def emit_quiet(quiet, message):
     if not quiet:
         print message
@@ -409,7 +430,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
 
     return 0
 
-def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
     ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     ldapconf.setOptionAssignment(" ")
 
@@ -440,24 +461,22 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
     opts.append({'name':'empty', 'type':'empty'})
 
     ret = (0, None, None)
-    files = []
+
     # Depending on the release and distribution this may exist in any
     # number of different file names, update what we find
-    for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
-        if file_exists(filename):
-            try:
-                fstore.backup_file(filename)
-                ldapconf.newConf(filename, opts)
-                files.append(filename)
-            except Exception, e:
-                print "Creation of %s: %s" % (filename, str(e))
-                return (1, 'LDAP', filename)
+    for filename in files:
+        try:
+            fstore.backup_file(filename)
+            ldapconf.newConf(filename, opts)
+        except Exception, e:
+            print "Creation of %s: %s" % (filename, str(e))
+            return (1, 'LDAP', filename)
 
     if files:
         return (0, 'LDAP', ', '.join(files))
     return ret
 
-def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
     nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     nslcdconf.setOptionAssignment(" ")
 
@@ -481,12 +500,12 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
 
     opts.append({'name':'empty', 'type':'empty'})
 
-    if file_exists('/etc/nslcd.conf'):
+    for filename in files:
         try:
-            fstore.backup_file('/etc/nslcd.conf')
-            nslcdconf.newConf('/etc/nslcd.conf', opts)
+            fstore.backup_file(filename)
+            nslcdconf.newConf(filename, opts)
         except Exception, e:
-            print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
+            print "Creation of %s: %s" % (filename, str(e))
             return (1, None, None)
 
     nslcd = ipaservices.knownservices.nslcd
@@ -505,7 +524,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
         root_logger.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name))
         return (0, None, None)
 
-    return (0, 'NSLCD', '/etc/nslcd.conf')
+    return (0, 'NSLCD', ', '.join(files))
 
 def hardcode_ldap_server(cli_server):
     """
@@ -851,6 +870,13 @@ def install(options, env, fstore, statestore):
         print 'Invalid hostname \'%s\', must be lower-case.' % hostname
         return CLIENT_INSTALL_ERROR
 
+    # when installing with '--no-sssd' option, check whether nss-ldap is installed
+    if not options.sssd:
+        (nssldap_installed, nosssd_files) = nssldap_exists()
+        if not nssldap_installed:
+            print "One of these packages must be installed: nss_ldap or nss-pam-ldapd"
+            return CLIENT_INSTALL_ERROR
+
     # Create the discovery instance
     ds = ipadiscovery.IPADiscovery()
 
@@ -1183,7 +1209,7 @@ def install(options, env, fstore, statestore):
     # change its configuration otherways
     if not options.sssd:
         for configurer in [configure_ldap_conf, configure_nslcd_conf]:
-            (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
+            (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, nosssd_files[configurer.__name__])
             if retcode:
                 return CLIENT_INSTALL_ERROR
             if conf:
-- 
cgit