-rw-r--r--install/share/bootstrap-template.ldif10
-rw-r--r--install/share/dna-posix.ldif4
-rwxr-xr-xinstall/tools/ipa-server-install11
-rw-r--r--install/tools/man/ipa-server-install.16
-rw-r--r--ipapython/ipautil.py10
-rw-r--r--ipaserver/install/dsinstance.py7
6 files changed, 37 insertions, 11 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 5c716f6a..e98c73b0 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -69,8 +69,8 @@ uid: admin
krbPrincipalName: admin@$REALM
cn: Administrator
sn: Administrator
-uidNumber: 999
-gidNumber: 1001
+uidNumber: $UIDSTART
+gidNumber: $GIDSTART
homeDirectory: /home/admin
loginShell: /bin/bash
gecos: Administrator
@@ -107,7 +107,7 @@ objectClass: groupofnames
objectClass: posixgroup
cn: admins
description: Account administrators group
-gidNumber: 1001
+gidNumber: $GIDSTART
member: uid=admin,cn=users,cn=accounts,$SUFFIX
nsAccountLock: False
@@ -118,7 +118,7 @@ objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: posixgroup
-gidNumber: 1002
+gidNumber: eval($GIDSTART+1)
description: Default group for all users
cn: ipausers
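Review bot: The group ids in this hunk and the next one are hand-assigned offsets (`$GIDSTART`, `+1`, `+2`) that must stay in step with `dnaNextValue: eval($GIDSTART+3)` in dna-posix.ldif, and nothing in either file records that coupling. Adding a fourth built-in group here without bumping the DNA start would hand the same gid out twice. A comment line above the first group entry would be enough, for example `# gidNumber offsets 0..2 are reserved for built-in groups; dna-posix.ldif starts DNA at $GIDSTART+3`.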
@@ -127,7 +127,7 @@ changetype: add
objectClass: top
objectClass: groupofnames
objectClass: posixgroup
-gidNumber: 1003
+gidNumber: eval($GIDSTART+2)
description: Limited admins who can edit other users
cn: editors
diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif
index 6b5cef8c..e255bb27 100644
--- a/install/share/dna-posix.ldif
+++ b/install/share/dna-posix.ldif
@@ -6,7 +6,7 @@ objectclass: top
objectclass: extensibleObject
cn: Posix Accounts
dnaType: uidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($UIDSTART+1)
dnaInterval: 1
dnaMaxValue: 1000000000
dnaMagicRegen: 999
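Review bot: `dnaNextValue: eval($UIDSTART+1)` can now start above the unchanged `dnaMaxValue: 1000000000` on the context line below it, and the gidNumber hunk that follows has the same problem. The installer's default is drawn from 1000000 to `MAXINT_32BIT - 1000000`, which is about 2.1 billion, so roughly half of the random defaults exceed the maximum. How the DNA plugin behaves when the next value is already past the maximum is not visible here, but the range would be empty or invalid from the first allocation. Either cap the random draw in ipa-server-install well below 1000000000, or derive the ceiling from the start value, for example `dnaMaxValue: eval($UIDSTART+199999)` with a range size the project chooses.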
@@ -21,7 +21,7 @@ objectclass: top
objectclass: extensibleObject
cn: Posix Groups
dnaType: gidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($GIDSTART+3)
dnaInterval: 1
dnaMaxValue: 1000000000
dnaMagicRegen: 999
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c09b24de..d0e93979 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -36,6 +36,7 @@ import shutil
import glob
import traceback
from optparse import OptionParser
+import random
from ipaserver.install import dsinstance
from ipaserver.install import krbinstance
@@ -54,7 +55,11 @@ from ipalib import util
pw_name = None
+# Used to determine the the highest possible uid/gid
+MAXINT_32BIT = 2147483648
+
def parse_options():
+ namespace = random.randint(1000000, (MAXINT_32BIT - 1000000))
parser = OptionParser(version=version.VERSION)
parser.add_option("-u", "--user", dest="ds_user",
help="ds user")
@@ -97,6 +102,10 @@ def parse_options():
default=False,
help="Do not use DNS for hostname lookup during installation")
+ parser.add_option("--uidstart", dest="uidstart", default=namespace, type=int,
+ help="The starting uid value (default random)")
+ parser.add_option("--gidstart", dest="gidstart", default=namespace, type=int,
+ help="The starting gid value (default random)")
options, args = parser.parse_args()
if options.uninstall:
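Review bot: `--uidstart` and `--gidstart` are accepted as any integer with no range check, and the value goes straight into the admin entry as `uidNumber: $UIDSTART`. A value of 0, a negative number, or one inside the local system-account range would give the directory's admin account and built-in groups ids that collide with privileged local accounts on enrolled hosts. A check after `parser.parse_args()` would cover it, for example `if options.uidstart < 1000 or options.gidstart < 1000: parser.error("--uidstart and --gidstart must be 1000 or greater")`, with the floor and an upper bound set by the project. Passing only one of the two options leaves the other at the random default, so the admin uid and gid can diverge; the help text could say so. The body of parse_options continues outside this hunk.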
@@ -537,7 +546,7 @@ def main():
finally:
os.remove(pw_name)
else:
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca)
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca, uidstart=options.uidstart, gidstart=options.gidstart)
# Create a kerberos instance
krb = krbinstance.KrbInstance(fstore)
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index bf533af8..df977c2f 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -75,6 +75,12 @@ The password of the Directory Server PKCS#12 file
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file
.PP
+\fB\-\-uidstart\fR=\fIUIDSTART\fR
+The starting user id number (default random)
+.PP
+\fB\-\-gidstart\fR=\fIGIDSTART\fR
+The starting group id number (default random)
+.PP
.SH "EXIT STATUS"
0 if the installation was successful
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 240e0d87..47b651c1 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -68,7 +68,15 @@ def realm_to_suffix(realm_name):
return ",".join(terms)
def template_str(txt, vars):
- return string.Template(txt).substitute(vars)
+ val = string.Template(txt).substitute(vars)
+
+ # eval() is a special string one can insert into a template to have the
+ # Python interpreter evaluate the string. This is intended to allow
+ # math to be performed in templates.
+ pattern = re.compile('(eval\s*\(([^()]*)\))')
+ val = pattern.sub(lambda x: str(eval(x.group(2))), val)
+
+ return val
def template_file(infilename, vars):
txt = open(infilename).read()
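Review bot: `eval(x.group(2))` runs after `substitute(vars)`, so the Python interpreter evaluates whatever the substituted values contain, not only what the template author wrote. Values such as the realm, domain or host name come from installer input, and the installer runs as root, so any of them that contains the text `eval(...)` is executed as an expression. Since the stated purpose is arithmetic on ids, the expression should be checked against a strict digits-and-operators pattern before evaluation, and anything else rejected. The pattern should also be a raw string (`r'...'`) and compiled once at module level. The `re` import is not visible in this hunk, so confirm the module already has it.

```python
_EVAL_RE = re.compile(r'eval\s*\(([^()]*)\)')
# Only integer literals joined by + or - are accepted inside eval(...)
_ARITH_RE = re.compile(r'^[\d\s+-]+$')

def _eval_arith(match):
    expr = match.group(1)
    if not _ARITH_RE.match(expr):
        raise ValueError("unsupported eval() expression in template: %r" % expr)
    return str(eval(expr, {"__builtins__": {}}, {}))

def template_str(txt, vars):
    val = string.Template(txt).substitute(vars)
    return _EVAL_RE.sub(_eval_arith, val)
```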
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 061b827b..90d64b11 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -151,7 +151,7 @@ class DsInstance(service.Service):
else:
self.suffix = None
- def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False):
+ def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100):
self.ds_user = ds_user
self.realm_name = realm_name.upper()
self.serverid = realm_to_serverid(self.realm_name)
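Review bot: The new defaults `uidstart=1100, gidstart=1100` are undocumented and differ from both the installer's random default and the old template values. A caller that omits them now gets admin `uidNumber` 1100 (it was 999) and `gidNumber` 1100 (it was 1001). Whether any other caller of create_instance exists is not visible on this page. A docstring on create_instance should say that uidstart/gidstart become the admin uid/gid, that gidstart+1 and gidstart+2 go to the built-in groups, and that DNA allocation starts just above them. The body of create_instance continues outside this hunk.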
@@ -161,6 +161,8 @@ class DsInstance(service.Service):
self.domain = domain_name
self.pkcs12_info = pkcs12_info
self.self_signed_ca = self_signed_ca
+ self.uidstart = uidstart
+ self.gidstart = gidstart
self.__setup_sub_dict()
self.step("creating directory server user", self.__create_ds_user)
@@ -198,7 +200,8 @@ class DsInstance(service.Service):
PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
REALM=self.realm_name, USER=self.ds_user,
SERVER_ROOT=server_root, DOMAIN=self.domain,
- TIME=int(time.time()))
+ TIME=int(time.time()), UIDSTART=self.uidstart,
+ GIDSTART=self.gidstart)
def __create_ds_user(self):
user_exists = True