authorRob Crittenden <rcritten@redhat.com>2012-01-31 22:44:20 -0500
committerRob Crittenden <rcritten@redhat.com>2012-03-14 21:28:52 -0400
commit14975cdcddab5f757502ef7736e93a965ce1f207 (patch)
tree1c587e43192f15e74938371576979d657c85ca94
parent97e440bf4b4da2add771cfa4db1614668a5cd06c (diff)
Configure a basic ldap.conf for OpenLDAP in /etc/openldap/ldap.conf
Set URI, BASE and TLS_CACERT. Also update the man page to include a list of files that the client changes. https://fedorahosted.org/freeipa/ticket/1810
-rwxr-xr-xipa-client/ipa-install/ipa-client-install19
-rw-r--r--ipa-client/man/ipa-client-install.134
2 files changed, 52 insertions, 1 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 604283ae..b7753f54 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -547,6 +547,22 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
return (0, 'NSLCD', ', '.join(files))
+def configure_openldap_conf(fstore, cli_basedn, cli_server):
+ ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
+ ldapconf.setOptionAssignment(" ")
+
+ opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'},
+ {'name':'empty', 'type':'empty'},
+ {'name':'URI', 'type':'option', 'value':'ldaps://'+ cli_server},
+ {'name':'BASE', 'type':'option', 'value':cli_basedn},
+ {'name':'TLS_CACERT', 'type':'option', 'value':'/etc/ipa/ca.crt'},
+ {'name':'empty', 'type':'empty'}]
+
+ target_fname = '/etc/openldap/ldap.conf'
+ fstore.backup_file(target_fname)
+ ldapconf.newConf(target_fname, opts)
+ os.chmod(target_fname, 0644)
+
def hardcode_ldap_server(cli_server):
"""
DNS Discovery didn't return a valid IPA server, hardcode a value into
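Review bot: `cli_server` and `cli_basedn` are written into the system-wide /etc/openldap/ldap.conf exactly as received. Because the option separator is set to a single space, a server value containing whitespace or a line break would produce extra URI entries or additional option lines, unless IPAChangeConf escapes them, which is not visible here. The neighbouring hardcode_ldap_server docstring suggests the server name can come from discovery rather than from the administrator, so a check before building `opts` would be worth having, for example `if cli_server.split() != [cli_server]: raise ValueError("invalid server name: %r" % cli_server)`, plus a rejection of line breaks in `cli_basedn`. The function also has no docstring; one line such as `"""Write URI, BASE and TLS_CACERT to /etc/openldap/ldap.conf, backing up the existing file first."""` would record that the previous content is replaced.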
@@ -1451,6 +1467,9 @@ def install(options, env, fstore, statestore):
if conf:
print "%s configured using configuration file(s) %s" % (conf, filename)
+ configure_openldap_conf(fstore, cli_basedn, cli_server)
+ print "Configured /etc/openldap/ldap.conf"
+
#Check that nss is working properly
if not options.on_master:
n = 0
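Review bot: The call to configure_openldap_conf() is unguarded and the "Configured /etc/openldap/ldap.conf" message is printed unconditionally. An IOError or OSError from backup_file(), newConf() or os.chmod() would therefore propagate out of install() at a point where earlier steps have presumably already changed the host. Wrapping the call in a try block with `except (IOError, OSError), e:` followed by `print "Failed to configure /etc/openldap/ldap.conf: %s" % str(e)`, and printing the success line only on the non-error path, would make the outcome explicit. Whether such a failure should abort the install or only warn is a project decision. install() starts and ends outside this hunk, so existing handling further up cannot be ruled out.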
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 7c78568e..cf3db2e6 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -110,7 +110,7 @@ possible due to SSSDConfig reader encountering unsupported options,
\fBipa\-client\-install\fR will not run further and ask to fix SSSD config
first. When this option is not specified, \fBipa\-client\-install\fR will back
up SSSD config and create new one. The back up version will be restored during
-uninstall.
+uninstall.
.SS "UNINSTALL OPTIONS"
.TP
@@ -120,6 +120,38 @@ Remove the IPA client software and restore the configuration to the pre\-IPA sta
\fB\-U\fR, \fB\-\-unattended\fR
Unattended uninstallation. The user will not be prompted.
+.SH "FILES"
+.TP
+Files that will be replaced if SSSD is configured (default):
+
+/etc/sssd/sssd.conf\p
+.TP
+Files that will be replaced if they exist and SSSD is not configured (\-\-no\-sssd):
+
+/etc/ldap.conf\p
+/etc/nss_ldap.conf\p
+/etc/libnss\-ldap.conf\p
+/etc/pam_ldap.conf\p
+/etc/nslcd.conf\p
+.TP
+Files replaced if NTP is enabled:
+
+/etc/ntp.conf\p
+/etc/sysconfig/ntpd\p
+/etc/ntp/step\-tickers\p
+.TP
+Files always created (replacing existing content):
+
+/etc/krb5.conf\p
+/etc/ipa/ca.crt\p
+/etc/ipa/default.conf\p
+/etc/openldap/ldap.conf\p
+.TP
+Files updated, existing content is maintained:
+
+/etc/pki/nssdb\p
+/etc/krb5.keytab\p
+/etc/sysconfig/network\p
.SH "EXIT STATUS"
0 if the installation was successful