authorSimo Sorce <ssorce@redhat.com>2011-01-05 07:46:30 -0500
committerSimo Sorce <ssorce@redhat.com>2011-01-07 04:54:17 -0500
commit21bf175e0c10b087deb10b8e328a6a6bd549c0f9 (patch)
tree83c43dc5630268fce968fbecd15c754b60d98372 /install/tools
parent56f000e9a9330598c5768aee0697c4423500a4fe (diff)
Allow ipa-dns-install to install with just admin credentials
Do this by creating a common way to attach to the ldap server for each instance. Fixes: https://fedorahosted.org/freeipa/ticket/686
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-dns-install51
-rwxr-xr-xinstall/tools/ipa-server-install1
2 files changed, 31 insertions, 21 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 01967c17..25aeb610 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -28,6 +28,8 @@ from ipapython import version
from ipapython import ipautil, sysrestore
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
+import krbV
+import ldap
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
@@ -52,8 +54,6 @@ def parse_options():
parser.error("You cannot specify a --forwarder option together with --no-forwarders")
if options.unattended:
- if not options.dm_password:
- parser.error("In unattended mode you need to provide at least the -p option")
if not options.forwarders and not options.no_forwarders:
parser.error("You must specify at least one --forwarder option or --no-forwarders option")
@@ -138,22 +138,6 @@ def main():
dns_forwarders = read_dns_forwarders()
logging.debug("will use dns_forwarders: %s\n", str(dns_forwarders))
- if not options.dm_password:
- dm_password = read_password("Directory Manager", confirm=False, validate=False)
- else:
- dm_password = options.dm_password
-
- # Try out the password
- ldapuri = 'ldap://%s' % api.env.host
- try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
- conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
- conn.disconnect()
- except errors.ACIError:
- sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
- except errors.LDAPError:
- sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
-
conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
if not options.unattended:
@@ -163,12 +147,39 @@ def main():
print ""
# Create a BIND instance
- bind = bindinstance.BindInstance(fstore, dm_password)
+ bind = bindinstance.BindInstance(fstore, options.dm_password)
+
+ valid_password = False
+ while not valid_password:
+ # try the connection
+ try:
+ bind.ldap_connect()
+ bind.ldap_disconnect()
+ valid_password = True
+ except ldap.LOCAL_ERROR, e:
+ if not bind.dm_password:
+ if options.unattended:
+ sys.exit("\nIn unattended mode you need to provide at least the -p option")
+ else:
+ bind.dm_password = read_password("Directory Manager", confirm=False, validate=False)
+ except ldap.INVALID_CREDENTIALS, e:
+ if options.unattended:
+ sys.exit("\nPassword is not valid!")
+ bind.dm_password = read_password("Directory Manager", confirm=False, validate=False)
+
create_reverse = bindinstance.create_reverse(options.unattended)
bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr)
- api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password)
+
+ if bind.dm_password:
+ api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password)
+ else:
+ # See if our LDAP server is up and we can talk to it over GSSAPI
+ ccache = krbV.default_context().default_ccache().name
+ api.Backend.ldap2.connect(ccache)
+
bind.create_instance()
+
print "=============================================================================="
print "Setup complete"
print ""
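Review bot: The `except ldap.LOCAL_ERROR` handler in the new retry loop does nothing when `bind.dm_password` is already set, so if `bind.ldap_connect()` raises LOCAL_ERROR in that state, `while not valid_password` repeats the same bind forever with no output. Any other ldap exception, such as an unreachable server, now escapes the loop as a traceback, where the removed code exited with "Unable to connect to LDAP server". I would give the outer `if not bind.dm_password:` an `else: sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)` and add a final `except ldap.LDAPError, e:` clause that exits with the same message. `ldap_connect()` is defined outside this diff, so which exceptions it raises when a password is set should be confirmed there. main() also starts and ends outside the hunk.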
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 2bbf4817..19f80a79 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -797,7 +797,6 @@ def main():
# generated
ds.add_cert_to_service()
-
# Create a HTTP instance
if options.http_pin: