#!/usr/bin/python2 # Authors: Rob Crittenden # Authors: Simo Sorce # # Copyright (C) 2009 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys import os from ipaplatform.paths import paths try: from optparse import OptionParser from ipapython import ipautil, config from ipaserver.install import installutils from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipapython.ipa_log_manager import * from ipapython.dn import DN from ipaplatform import services except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The error was: %s """ % sys.exc_value sys.exit(1) nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) def parse_options(): usage = "%prog [options] \n" usage += "%prog [options]\n" parser = OptionParser(usage=usage, formatter=config.IPAFormatter()) parser.add_option("-d", "--debug", action="store_true", dest="debug", help="Display debugging information about the update(s)") parser.add_option("-y", dest="password", help="File containing the Directory Manager password") config.add_standard_options(parser) options, args = parser.parse_args() config.init_config(options) return options, args def get_dirman_password(): """Prompt the user for the Directory Manager password and verify its correctness. """ password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False) return password def get_entry(dn, conn): """ Return the entry for the given DN. If the entry is not found return None. """ entry = None try: entry = conn.get_entry(dn) except errors.NotFound: pass return entry def main(): retval = 0 files = [paths.NIS_ULDIF] servicemsg = "" if os.getegid() != 0: sys.exit('Must be root to use this tool.') installutils.check_server_configuration() options, args = parse_options() if len(args) != 1: sys.exit("You must specify one action, either enable or disable") elif args[0] != "enable" and args[0] != "disable": sys.exit("Unrecognized action [" + args[0] + "]") standard_logging_setup(None, debug=options.debug) dirman_password = "" if options.password: try: pw = ipautil.template_file(options.password, []) except IOError: sys.exit("File \"%s\" not found or not readable" % options.password) dirman_password = pw.strip() else: dirman_password = get_dirman_password() if dirman_password is None: sys.exit("Directory Manager password required") if not dirman_password: sys.exit("No password supplied") api.bootstrap(context='cli', debug=options.debug) api.finalize() conn = None try: try: conn = ldap2(api) conn.connect( bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password ) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server: %s" % str(lde)) except errors.AuthorizationError: sys.exit("Incorrect password") if args[0] == "enable": compat = get_entry(compat_dn, conn) if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable") entry = None try: entry = get_entry(nis_config_dn, conn) except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 # Enable either the portmap or rpcbind service try: portmap = services.knownservices.portmap portmap.enable() servicemsg = portmap.service_name except ipautil.CalledProcessError, cpe: if cpe.returncode == 1: try: rpcbind = services.knownservices.rpcbind rpcbind.enable() servicemsg = rpcbind.service_name except ipautil.CalledProcessError, cpe: print "Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name) retval = 3 # The cn=config entry for the plugin may already exist but it # could be turned off, handle both cases. if entry is None: print "Enabling plugin" ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True) if ld.update(files) != True: retval = 1 elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': print "Enabling plugin" # Already configured, just enable the plugin entry['nsslapd-pluginenabled'] = ['on'] conn.update_entry(entry) else: print "Plugin already Enabled" retval = 2 elif args[0] == "disable": try: entry = conn.get_entry(nis_config_dn, ['nsslapd-pluginenabled']) entry['nsslapd-pluginenabled'] = ['off'] conn.update_entry(entry) except (errors.NotFound, errors.EmptyModlist): print "Plugin is already disabled" retval = 2 except errors.LDAPError, lde: print "An error occurred while talking to the server." print lde retval = 1 else: retval = 1 if retval == 0: print "This setting will not take effect until you restart Directory Server." if args[0] == "enable": print "The %s service may need to be started." % servicemsg finally: if conn and conn.isconnected(): conn.disconnect() return retval if __name__ == '__main__': installutils.run_script(main, operation_name='ipa-nis-manage')