#!/usr/bin/python2 # Authors: Rob Crittenden # Authors: Simo Sorce # # Copyright (C) 2008 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys from ipaplatform.paths import paths try: from optparse import OptionParser from ipapython import ipautil, config from ipaserver.install import installutils from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipapython.ipa_log_manager import * from ipapython.dn import DN except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The error was: %s """ % sys.exc_value sys.exit(1) compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) def parse_options(): usage = "%prog [options] \n" usage += "%prog [options]\n" parser = OptionParser(usage=usage, formatter=config.IPAFormatter()) parser.add_option("-d", "--debug", action="store_true", dest="debug", help="Display debugging information about the update(s)") parser.add_option("-y", dest="password", help="File containing the Directory Manager password") config.add_standard_options(parser) options, args = parser.parse_args() config.init_config(options) return options, args def get_dirman_password(): """Prompt the user for the Directory Manager password and verify its correctness. """ password = installutils.read_password("Directory Manager", confirm=False, validate=False) return password def get_entry(dn, conn): """ Return the entry for the given DN. If the entry is not found return None. """ entry = None try: entry = conn.get_entry(dn) except errors.NotFound: pass return entry def main(): retval = 0 files = [paths.SCHEMA_COMPAT_ULDIF] options, args = parse_options() if len(args) != 1: sys.exit("You must specify one action, either enable or disable") elif args[0] != "enable" and args[0] != "disable" and args[0] != "status": sys.exit("Unrecognized action [" + args[0] + "]") standard_logging_setup(None, debug=options.debug) dirman_password = "" if options.password: pw = ipautil.template_file(options.password, []) dirman_password = pw.strip() else: dirman_password = get_dirman_password() if dirman_password is None: sys.exit("Directory Manager password required") api.bootstrap(context='cli', debug=options.debug) api.finalize() conn = None try: try: conn = ldap2(api) conn.connect( bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password ) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde)) except errors.ACIError, e: sys.exit("Authentication failed: %s" % e.info) if args[0] == "status": entry = None try: entry = get_entry(compat_dn, conn) if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print "Plugin Enabled" else: print "Plugin Disabled" except errors.LDAPError, lde: print "An error occurred while talking to the server." print lde if args[0] == "enable": entry = None try: entry = get_entry(compat_dn, conn) if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print "Plugin already Enabled" retval = 2 else: print "Enabling plugin" if entry is None: ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) if not ld.update(files): print "Updating Directory Server failed." retval = 1 else: entry['nsslapd-pluginenabled'] = ['on'] conn.update_entry(entry) except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 elif args[0] == "disable": entry = None try: entry = get_entry(nis_config_dn, conn) # We can't disable schema compat if the NIS plugin is enabled if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." print >>sys.stderr, "Run 'ipa-nis-manage disable' first." retval = 2 except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 if retval == 0: entry = None try: entry = get_entry(compat_dn, conn) if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': print "Plugin is already disabled" retval = 2 else: print "Disabling plugin" entry['nsslapd-pluginenabled'] = ['off'] conn.update_entry(entry) except errors.DatabaseError, dbe: print "An error occurred while talking to the server." print dbe retval = 1 except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 else: retval = 1 if retval == 0: print "This setting will not take effect until you restart Directory Server." finally: if conn and conn.isconnected(): conn.disconnect() return retval if __name__ == '__main__': installutils.run_script(main, operation_name='ipa-compat-manage')