authorPavel Zuna <pzuna@redhat.com>2011-02-15 14:11:27 -0500
committerRob Crittenden <rcritten@redhat.com>2011-03-03 14:04:34 -0500
commit64575a411b27dde7919406fdaf5bdec07c6645f3 (patch)
treeab0870adf6181f4457959f44fb936ec705f741d2 /install/tools
parenteb6b3c7afc4065f12960f09791f2a5b645abef8b (diff)
Use ldapi: instead of unsecured ldap: in ipa core tools.
The patch also corrects exception handling in some of the tools. Fix #874
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-compat-manage11
-rw-r--r--install/tools/ipa-compliance3
-rwxr-xr-xinstall/tools/ipa-host-net-manage13
-rwxr-xr-xinstall/tools/ipa-nis-manage15
-rwxr-xr-xinstall/tools/ipa-replica-prepare6
-rwxr-xr-xinstall/tools/ipa-server-certinstall3
-rwxr-xr-xinstall/tools/ipa-server-install10
7 files changed, 28 insertions, 33 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index c990f9d4..723950f5 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -93,13 +93,12 @@ def main():
conn = None
try:
- ldapuri = 'ldap://%s' % installutils.get_fqdn()
try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde))
except errors.ACIError, e:
sys.exit("Authentication failed: %s" % e.info)
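Review bot: The Directory Manager bind in `main()` now goes to whatever URI `ldap2` selects when no `ldap_uri` is passed, and nothing in this hunk shows that the default is an `ldapi://` socket. If that default (presumably read from the API environment) is ever configured as plain `ldap://`, `bind_pw` would again be sent over an unprotected connection, which is what the commit sets out to prevent. A comment above the constructor would record the dependency, for example `# no ldap_uri given: relies on the ldap2 default being the local ldapi:// socket, because bind_pw is sent in a password bind`. The same applies to the password binds in ipa-host-net-manage, ipa-nis-manage, ipa-replica-prepare and ipa-server-certinstall. `main()` starts and ends outside this hunk.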
@@ -122,7 +121,7 @@ def main():
retval = 2
except errors.NotFound:
print "Enabling plugin"
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
@@ -158,7 +157,7 @@ def main():
print "An error occurred while talking to the server."
print dbe
retval = 1
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
@@ -167,7 +166,7 @@ def main():
retval = 1
finally:
- if conn.isconnected():
+ if conn and conn.isconnected():
conn.disconnect()
return retval
diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance
index 8b7ad776..e1de2528 100644
--- a/install/tools/ipa-compliance
+++ b/install/tools/ipa-compliance
@@ -106,8 +106,7 @@ def check_compliance(tmpdir, debug=False):
# Even if not registered they have some default entitlements
pass
- ldapuri = 'ldap://%s' % api.env.host
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+ conn = ldap2(shared_instance=False)
# Bind using GSSAPI
conn.connect(ccache=ccache_file)
diff --git a/install/tools/ipa-host-net-manage b/install/tools/ipa-host-net-manage
index ae8a224a..5da7b922 100755
--- a/install/tools/ipa-host-net-manage
+++ b/install/tools/ipa-host-net-manage
@@ -96,13 +96,12 @@ def main():
conn = None
try:
- ldapuri = 'ldap://%s' % installutils.get_fqdn()
try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server.\n%s\n" %
str(lde))
except errors.ACIError, e:
@@ -118,7 +117,7 @@ def main():
print "Plugin Disabled"
except errors.NotFound:
print "Plugin Disabled"
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
return 0
@@ -136,7 +135,7 @@ def main():
retval = 2
except errors.NotFound:
print "Enabling Plugin"
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
@@ -184,7 +183,7 @@ def main():
print "An error occurred while talking to the server."
print dbe
retval = 1
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
@@ -193,7 +192,7 @@ def main():
retval = 1
finally:
- if conn.isconnected():
+ if conn and conn.isconnected():
conn.disconnect()
return retval
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 310ee149..d611134e 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -107,16 +107,15 @@ def main():
conn = None
try:
- ldapuri = 'ldap://%s' % installutils.get_fqdn()
try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn = ldap2(shared_instance=False, base_dn='')
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
- except errors.ACIError:
- sys.exit("Incorrect password")
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
sys.exit("An error occurred while connecting to the server: %s" % str(lde))
+ except errors.AuthorizationError:
+ sys.exit("Incorrect password")
if args[0] == "enable":
compat = get_entry(compat_dn, conn)
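Review bot: The new `except errors.AuthorizationError:` branch reports every authorization failure as "Incorrect password" and discards the exception text, although it now catches a broader class than the `errors.ACIError` it replaces. ipa-compat-manage in this same commit prints `e.info` for the equivalent case, so the three plugin tools give different diagnostics for the same failure. Binding the exception and including it in the message keeps the real cause visible to the administrator: `except errors.AuthorizationError, e:` followed by `sys.exit("Authentication failed: %s" % e)`. Whether `connect()` can raise anything other than a bad-credentials error here is not visible in the hunk.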
@@ -125,7 +124,7 @@ def main():
entry = None
try:
entry = get_entry(nis_config_dn, conn)
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
@@ -149,7 +148,7 @@ def main():
entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off'):
# Already configured, just enable the plugin
print "Enabling plugin"
- ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+ ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True)
if ld.update(files) != True:
retval = 1
mod = {'nsslapd-pluginenabled': 'on'}
@@ -186,7 +185,7 @@ def main():
print "An error occurred while talking to the server."
print dbe
retval = 1
- except errors.LDAPError, lde:
+ except errors.ExecutionError, lde:
print "An error occurred while talking to the server."
print lde
retval = 1
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index f0661a37..36e34d78 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -88,9 +88,8 @@ def parse_options():
return options, args
def get_subject_base(host_name, dm_password, suffix):
- ldapuri = 'ldap://%s:389' % host_name
try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+ conn = ldap2(shared_instance=False, base_dn=suffix)
conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
except errors.ExecutionError, e:
logging.critical("Could not connect to the Directory Server on %s" % host_name)
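Review bot: `get_subject_base()` still takes `host_name`, but after this change the parameter no longer selects the server; the connection goes to the `ldap2` default and `host_name` is used only in the log message. The critical log can therefore name a host that was never contacted, which misleads anyone diagnosing a failed bind. The function should be documented as always querying the local instance, with the message changed to something like `logging.critical("Could not connect to the local Directory Server: %s" % e)`. The function body continues outside the hunk.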
@@ -285,9 +284,8 @@ def main():
sys.exit(0)
# Try out the password
- ldapuri = 'ldap://%s:389' % api.env.host
try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+ conn = ldap2(shared_instance=False)
conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password)
conn.disconnect()
except errors.ACIError:
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 5fc5811d..74ded157 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -64,8 +64,7 @@ def parse_options():
return options, args[0]
def set_ds_cert_name(cert_name, dm_password):
- ldapuri = 'ldap://127.0.0.1'
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn = ldap2(shared_instance=False, base_dn='')
conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
mod = {'nssslpersonalityssl': cert_name}
conn.update_entry('cn=RSA,cn=encryption,cn=config', mod)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 6a030b97..fd202bea 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -444,13 +444,15 @@ def uninstall():
return 0
-def set_subject_in_config(host_name, dm_password, suffix, subject_base):
- ldapuri = 'ldap://%s' % host_name
+def set_subject_in_config(realm_name, dm_password, suffix, subject_base):
+ ldapuri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % (
+ dsinstance.realm_to_serverid(realm_name)
+ )
try:
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
except errors.ExecutionError, e:
- logging.critical("Could not connect to the Directory Server on %s" % host_name)
+ logging.critical("Could not connect to the Directory Server on %s" % realm_name)
raise e
(dn, entry_attrs) = conn.get_ipa_config()
if 'ipacertificatesubjectbase' not in entry_attrs:
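Review bot: `set_subject_in_config()` builds the socket URI by hand with doubled `%%2f` escapes and a hard-coded `/var/run/slapd-<serverid>.socket` path, while every other tool in this commit relies on the `ldap2` default. If the instance socket path is defined elsewhere in the installer, this copy can drift from it without any visible failure. A comment should say why the explicit URI is needed here (presumably because the API environment is not yet configured during install). The error message should also report what was actually tried, e.g. `logging.critical("Could not connect to the Directory Server at %s" % ldapuri)`, since "on %s" followed by a realm name reads like a host name. The function continues outside the hunk.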
@@ -851,7 +853,7 @@ def main():
http.create_instance(realm_name, host_name, domain_name, dm_password, autoconfig=True, self_signed_ca=options.selfsign, subject_base=options.subject)
ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
- set_subject_in_config(host_name, dm_password, util.realm_to_suffix(realm_name), options.subject)
+ set_subject_in_config(realm_name, dm_password, util.realm_to_suffix(realm_name), options.subject)
if not options.selfsign:
service.print_msg("Setting the certificate subject base")
ca.set_subject_in_config(util.realm_to_suffix(realm_name))