summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
authorPavel Zuna <pzuna@redhat.com>2010-03-24 15:51:31 +0100
committerRob Crittenden <rcritten@redhat.com>2010-04-19 11:27:10 -0400
commit3620135ec97c156b84a310cd423d5df52732b3f8 (patch)
tree665eb48ad333da90acf0313e0005877954e4b9f7 /install/tools
parentcc336cf9c17283684df7b850e010d669122126a5 (diff)
downloadfreeipa-3620135ec97c156b84a310cd423d5df52732b3f8.tar.gz
freeipa-3620135ec97c156b84a310cd423d5df52732b3f8.tar.xz
freeipa-3620135ec97c156b84a310cd423d5df52732b3f8.zip
Use ldap2 instead of legacy LDAP code from v1 in installer scripts.
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-compat-manage38
-rwxr-xr-xinstall/tools/ipa-dns-install18
-rw-r--r--install/tools/ipa-fix-CVE-2008-327463
-rwxr-xr-xinstall/tools/ipa-ldap-updater2
-rwxr-xr-xinstall/tools/ipa-nis-manage44
-rwxr-xr-xinstall/tools/ipa-replica-install22
-rwxr-xr-xinstall/tools/ipa-replica-manage8
-rwxr-xr-xinstall/tools/ipa-replica-prepare33
-rwxr-xr-xinstall/tools/ipa-server-certinstall18
-rwxr-xr-xinstall/tools/ipa-server-install24
10 files changed, 135 insertions, 135 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 09a06caa..b22ce77f 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -22,12 +22,11 @@
import sys
try:
from optparse import OptionParser
- from ipaserver import ipaldap
from ipapython import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipaserver.plugins.ldap2 import ldap2
from ipalib import errors
- import ldap
import logging
import re
import krbV
@@ -95,26 +94,29 @@ def main():
else:
dirman_password = get_dirman_password()
+ conn = None
try:
+ ldapuri = 'ldap://%s' % installutils.get_fqdn()
try:
- conn = ipaldap.IPAdmin(installutils.get_fqdn())
- conn.do_simple_bind(bindpw=dirman_password)
- except ldap.LDAPError, e:
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn.connect(
+ bind_dn='cn=directory manager', bind_pw=dirman_password
+ )
+ except errors.LDAPError, e:
print "An error occurred while connecting to the server."
- print "%s" % e[0]['desc']
+ print e
return 1
if args[0] == "enable":
try:
- conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
- ldap.SCOPE_BASE, "(objectclass=*)")
+ conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config')
print "Plugin already Enabled"
retval = 2
except errors.NotFound:
print "Enabling plugin"
- except ldap.LDAPError, e:
+ except errors.LDAPError, e:
print "An error occurred while talking to the server."
- print "%s" % e[0]['desc']
+ print e
retval = 1
if retval == 0:
@@ -127,17 +129,15 @@ def main():
# Make a quick hack foir now, directly delete the entries by name,
# In future we should add delete capabilites to LDAPUpdate
try:
- conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
- ldap.SCOPE_BASE, "(objectclass=*)")
- conn.deleteEntry("cn=groups,cn=Schema Compatibility,cn=plugins,cn=config")
- conn.deleteEntry("cn=users,cn=Schema Compatibility,cn=plugins,cn=config")
- conn.deleteEntry("cn=Schema Compatibility,cn=plugins,cn=config")
+ conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config')
+ conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config')
+ conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config')
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
- except ldap.LDAPError, e:
+ except errors.LDAPError, e:
print "An error occurred while talking to the server."
- print "%s" % e[0]['desc']
+ print e
retval = 1
else:
@@ -145,7 +145,7 @@ def main():
finally:
if conn:
- conn.unbind()
+ conn.disconnect()
return retval
@@ -167,6 +167,6 @@ except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
-except ldap.LDAPError, e:
+except errors.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 0656794c..3413312a 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -22,13 +22,12 @@
from optparse import OptionParser
import traceback
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import bindinstance, ntpinstance
from ipaserver.install.installutils import *
from ipapython import version
from ipapython import ipautil, sysrestore
-from ipalib import api, util
-import ldap
+from ipalib import api, errors, util
def parse_options():
parser = OptionParser(version=version.VERSION)
@@ -134,14 +133,15 @@ def main():
dm_password = options.dm_password
# Try out the password
+ ldapuri = 'ldap://%s' % api.env.host
try:
- conn = ipaldap.IPAdmin(api.env.host)
- conn.do_simple_bind(bindpw=dm_password)
- conn.unbind()
- except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
- sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
- except ldap.INVALID_CREDENTIALS, e :
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+ conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ conn.disconnect()
+ except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
+ except errors.LDAPError:
+ sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
diff --git a/install/tools/ipa-fix-CVE-2008-3274 b/install/tools/ipa-fix-CVE-2008-3274
index 79ff904d..723d4121 100644
--- a/install/tools/ipa-fix-CVE-2008-3274
+++ b/install/tools/ipa-fix-CVE-2008-3274
@@ -25,13 +25,10 @@ try:
import ipapython.ipautil
import krbV
- import ldap
-
- from ldap import LDAPError
- from ldap import ldapobject
+ from ipalib import errors
from ipaclient import ipachangeconf
- from ipaserver import ipaldap
+ from ipaserver.plugins.ldap2 import ldap2
from pyasn1.type import univ, namedtype
import pyasn1.codec.ber.encoder
@@ -70,22 +67,24 @@ def parse_options():
def check_vuln(realm, suffix):
+ ldapuri = 'ldap://127.0.0.1'
try:
- conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/")
- conn.simple_bind()
- msgid = conn.search("cn="+realm+",cn=kerberos,"+suffix,
- ldap.SCOPE_BASE,
- "(objectclass=krbRealmContainer)",
- ("krbmkey", "cn"))
- res = conn.result(msgid)
- conn.unbind()
-
- if len(res) != 2:
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+ conn.connect()
+ try:
+ (entries, truncated) = conn.find_entries(
+ filter='(objectclass=krbRealmContainer)',
+ attrs_list=('krbmkey', 'cn'), scope=ldap2.SCOPE_BASE,
+ base_dn='cn=%s,cn=kerberos' % realm
+ )
+ except errors.NotFound:
err = 'Realm Container not found, unable to proceed'
print err
raise Exception, err
+ finally:
+ conn.disconnect()
- if 'krbmkey' in res[1][0][1]:
+ if 'krbmkey' in entries[0][1]:
print 'System vulnerable'
return 1
else:
@@ -185,9 +184,10 @@ def change_mkey(password = None, quiet = False):
password = getpass.getpass("Directory Manager password: ")
# get a connection to the DS
+ ldapuri = 'ldap://%s' % ipapython.config.config.default_server[0]
try:
- conn = ipaldap.IPAdmin(ipapython.config.config.default_server[0])
- conn.do_simple_bind(bindpw=password)
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+ conn.connect(bind_dn='cn=directory manager', bind_pw=password)
except Exception, e:
print "ERROR: Could not connect to the Directory Server on "+ipapython.config.config.default_server[0]+" ("+str(e)+")"
return 1
@@ -298,8 +298,8 @@ def change_mkey(password = None, quiet = False):
asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
dn = "cn="+realm+",cn=kerberos,"+suffix
- mod = [(ldap.MOD_REPLACE, 'krbMKey', str(asn1key))]
- conn.modify_s(dn, mod)
+ mod = {'krbmkey': str(asn1key)}
+ conn.update_entry(dn, mod)
except Exception, e:
print "ERROR: Failed to upload the Master Key from the Stash file: "+newstashfile+" ("+str(e)+")"
return 1
@@ -459,16 +459,25 @@ def fix_main(password, realm, suffix):
krbMKey.setComponentByPosition(1, MasterKey)
asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
- dn = "cn=%s,cn=kerberos,%s" % (realm, suffix)
+ dn = 'cn=%s,cn=kerberos' % realm
sub_dict = dict(REALM=realm, SUFFIX=suffix)
#protect the master key by adding an appropriate deny rule along with the key
- mod = [(ldap.MOD_ADD, 'aci', ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)),
- (ldap.MOD_REPLACE, 'krbMKey', str(asn1key))]
+ conn = ldap2(
+ shared_instance=False, ldap_uri='ldap://127.0.0.1',
+ base_dn=suffix
+ )
+ conn.connect(bind_dn='cn=directory manager', bind_pw=password)
+
+ (dn, entry_attrs) = conn.get_entry(dn, ['aci'])
+
+ entry_attrs['krbmkey'] = str(asn1key)
+ entry_attrs.setdefault('aci', []).append(
+ ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)
+ )
+
+ conn.update_entry(dn, entry_attrs)
- conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/")
- conn.simple_bind("cn=Directory Manager", password)
- conn.modify_s(dn, mod)
- conn.unbind()
+ conn.disconnect()
print "\n"
print "This server is now correctly configured and the master-key has been changed and secured."
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater
index 97d464cd..746cd421 100755
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -26,11 +26,9 @@
import sys
try:
from optparse import OptionParser
- from ipaserver import ipaldap
from ipapython import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
- import ldap
import logging
import re
import krbV
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 18a14639..22cfd432 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -22,12 +22,11 @@
import sys
try:
from optparse import OptionParser
- from ipaserver import ipaldap
from ipapython import entity, ipautil, config
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipaserver.plugins.ldap2 import ldap2
from ipalib import errors
- import ldap
import logging
except ImportError:
print >> sys.stderr, """\
@@ -68,12 +67,9 @@ def get_dirman_password():
def get_nis_config(conn):
entry = None
try:
- entry = conn.getEntry(nis_config_dn, ldap.SCOPE_BASE, "(objectclass=*)")
+ (dn, entry) = conn.get_entry(nis_config_dn)
except errors.NotFound:
pass
- except ldap.LDAPError, e:
- raise e
-
return entry
def main():
@@ -103,22 +99,26 @@ def main():
else:
dirman_password = get_dirman_password()
+ conn = None
try:
+ ldapuri = 'ldap://%s' % installutils.get_fqdn()
try:
- conn = ipaldap.IPAdmin(installutils.get_fqdn())
- conn.do_simple_bind(bindpw=dirman_password)
- except ldap.LDAPError, e:
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn.connect(
+ bind_dn='cn=directory manager', bind_pw=dirman_password
+ )
+ except errors.LDAPError, e:
print "An error occurred while connecting to the server."
- print "%s" % e[0]['desc']
+ print e
return 1
if args[0] == "enable":
entry = None
try:
entry = get_nis_config(conn)
- except ldap.LDAPError, e:
+ except errors.LDAPError, e:
print "An error occurred while talking to the server."
- print "%s" % e[0]['desc']
+ print e
retval = 1
# Enable either the portmap or rpcbind service
@@ -142,27 +142,25 @@ def main():
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
retval = ld.update(files)
else:
- if entry.getValue('nsslapd-pluginenabled').lower() == "off":
+ if entry.get('nsslapd-pluginenabled', '').lower() == 'off':
# Already configured, just enable the plugin
print "Enabling plugin"
- mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "on")]
-
- conn.modify_s(nis_config_dn, mod)
+ mod = {'nsslapd-pluginenabled': 'on'}
+ conn.update_entry(nis_config_dn, mod)
else:
print "Plugin already Enabled"
retval = 2
elif args[0] == "disable":
try:
- mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "off")]
-
- conn.modify_s(nis_config_dn, mod)
+ mod = {'nsslapd-pluginenabled': 'off'}
+ conn.update_entry(nis_config_dn, mod)
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
- except ldap.LDAPError, e:
+ except errors.LDAPError, e:
print "An error occurred while talking to the server."
- print "%s" % e[0]['desc']
+ print e
retval = 1
else:
@@ -176,7 +174,7 @@ def main():
finally:
if conn:
- conn.unbind()
+ conn.disconnect()
return retval
@@ -198,6 +196,6 @@ except config.IPAConfigError, e:
print "An IPA server to update cannot be found. Has one been configured yet?"
print "The error was: %s" % e
sys.exit(1)
-except ldap.LDAPError, e:
+except errors.LDAPError, e:
print "An error occurred while performing operations: %s" % e
sys.exit(1)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 4b348f64..da03809d 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -23,15 +23,14 @@ import socket
import tempfile, os, pwd, traceback, logging, shutil
from ConfigParser import SafeConfigParser
-import ldap
from ipapython import ipautil
from ipaserver.install import dsinstance, replication, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
-from ipalib import api, util
+from ipalib import api, errors, util
CACERT="/usr/share/ipa/html/ca.crt"
@@ -300,16 +299,17 @@ def main():
config.dir = dir
# Try out the password
+ ldapuri = 'ldap://%s' % config.master_host_name
try:
- conn = ipaldap.IPAdmin(config.master_host_name)
- conn.do_simple_bind(bindpw=config.dirman_password)
- conn.unbind()
- except ldap.CONNECT_ERROR, e:
- sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
- except ldap.SERVER_DOWN, e:
- sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
- except ldap.INVALID_CREDENTIALS, e :
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn.connect(
+ bind_dn='cn=directory manager', bind_pw=config.dirman_password
+ )
+ conn.disconnect()
+ except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
+ except errors.LDAPError:
+ sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
# Create the management framework config file
# Note: We must do this before bootstraping and finalizing ipalib.api
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index b85c491e..91550bef 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -24,10 +24,9 @@ import traceback, logging
from ipapython import ipautil
from ipaserver.install import replication, dsinstance, installutils
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
-from ipalib import util
-from ipalib import errors
+from ipalib import errors, util
def parse_options():
from optparse import OptionParser
@@ -73,7 +72,8 @@ def get_realm_name():
return c.default_realm
def get_suffix():
- suffix = ipaldap.IPAdmin.normalizeDN(util.realm_to_suffix(get_realm_name()))
+ l = ldap2(shared_instance=False, base_dn='')
+ suffix = l.normalize_dn(util.realm_to_suffix(get_realm_name()))
return suffix
def get_host_name():
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 11649173..87a3ae4c 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -29,11 +29,9 @@ from optparse import OptionParser
from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs, httpinstance
from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
-from ipalib import api
-from ipalib import util
-import ldap
+from ipalib import api, errors, util
def parse_options():
usage = "%prog [options] FQDN (e.g. replica.example.com)"
@@ -75,14 +73,16 @@ def parse_options():
return options, args
def get_subject_base(host_name, dm_password, suffix):
+ ldapuri = 'ldap://%s:389' % host_name
try:
- conn = ipaldap.IPAdmin(host_name)
- conn.do_simple_bind(bindpw=dm_password)
- except Exception, e:
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+ conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ except errors.ExecutionError, e:
logging.critical("Could not connect to the Directory Server on %s" % host_name)
raise e
- entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, ldap.SCOPE_SUBTREE)
- return entry.getValue('ipacertificatesubjectbase')
+ (dn, entry_attrs) = conn.get_ipa_config()
+ conn.disconnect()
+ return entry_attrs.get('ipacertificatesubjectbase', [None])[0]
def check_ipa_configuration(realm_name):
config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
@@ -236,16 +236,15 @@ def main():
sys.exit(0)
# Try out the password
+ ldapuri = 'ldap://%s:389' % api.env.host
try:
- conn = ipaldap.IPAdmin(api.env.host)
- conn.do_simple_bind(bindpw=dirman_password)
- conn.unbind()
- except ldap.CONNECT_ERROR, e:
- sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
- except ldap.SERVER_DOWN, e:
- sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
- except ldap.INVALID_CREDENTIALS, e :
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+ conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password)
+ conn.disconnect()
+ except errors.ACIError:
sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
+ except errors.LDAPError:
+ sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host)
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index d02dbbba..d853f718 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -25,13 +25,13 @@ import tempfile
import traceback
-import krbV, ldap, getpass
+import krbV, getpass
from ipapython.ipautil import user_input
-from ipaserver import ipaldap
from ipaserver.install import certs, dsinstance, httpinstance, installutils
from ipalib import api
+from ipaserver.plugins.ldap2 import ldap2
def get_realm_name():
c = krbV.default_context()
@@ -64,14 +64,12 @@ def parse_options():
return options, args[0]
def set_ds_cert_name(cert_name, dm_password):
- conn = ipaldap.IPAdmin("127.0.0.1")
- conn.simple_bind_s("cn=directory manager", dm_password)
-
- mod = [(ldap.MOD_REPLACE, "nsSSLPersonalitySSL", cert_name)]
-
- conn.modify_s("cn=RSA,cn=encryption,cn=config", mod)
-
- conn.unbind()
+ ldapuri = 'ldap://127.0.0.1'
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+ conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ mod = {'nssslpersonalityssl': cert_name}
+ conn.update_entry('cn=RSA,cn=encryption,cn=config', mod)
+ conn.disconnect()
def choose_server_cert(server_certs):
print "Please select the certificate to use:"
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 314adf16..f0c3add0 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -35,7 +35,6 @@ import signal
import shutil
import glob
import traceback
-import ldap
from optparse import OptionParser
from ConfigParser import RawConfigParser
import random
@@ -51,11 +50,11 @@ from ipaserver.install import cainstance
from ipaserver.install import service
from ipapython import version
from ipaserver.install.installutils import *
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
from ipapython import sysrestore
from ipapython.ipautil import *
-from ipalib import api, util
+from ipalib import api, errors, util
import ipawebui
@@ -411,19 +410,18 @@ def render_assets():
ui.render_assets()
def set_subject_in_config(host_name, dm_password, suffix, subject_base):
+ ldapuri = 'ldap://%s' % host_name
try:
- conn = ipaldap.IPAdmin(host_name)
- conn.do_simple_bind(bindpw=dm_password)
- except Exception, e:
+ conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+ conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+ except errors.ExecutionError, e:
logging.critical("Could not connect to the Directory Server on %s" % host_name)
raise e
- entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, ldap.SCOPE_SUBTREE)
- if entry.getValue('ipaCertificateSubjectBase') is None:
- newentry = entry.toDict()
- newentry['ipaCertificateSubjectBase'] = subject_base
- conn.updateEntry(entry.dn, entry.toDict(), newentry)
-
- conn.unbind()
+ (dn, entry_attrs) = conn.get_ipa_config()
+ if 'ipacertificatesubjectbase' not in entry_attrs:
+ mod = {'ipacertificatesubjectbase': subject_base}
+ conn.update_entry(dn, mod)
+ conn.disconnect()
def main():
global ds