authorRob Crittenden <rcritten@redhat.com>2011-03-18 11:19:53 -0400
committerRob Crittenden <rcritten@redhat.com>2011-03-21 13:23:53 -0400
commitca5332951c68904b0763f79f3612209271206b2a (patch)
treed2e39143f5d1b7b78fb40fd906e0d722c1b19d3d /ipaserver/install/upgradeinstance.py
parentba5e0c43070c1ec77e45a032cd3dabbe0f7a76fc (diff)
Automatically update IPA LDAP on rpm upgrades
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase restriction when run in --upgrade mode. This allows us to autobind giving root Directory Manager powers.

This also:
* corrects the ipa-ldap-updater man page
* removes automatic --realm, --server, --domain options
* handles upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint

ticket 1087
Diffstat (limited to 'ipaserver/install/upgradeinstance.py')
-rw-r--r--ipaserver/install/upgradeinstance.py31
1 files changed, 27 insertions, 4 deletions
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py
index 156c4c2d..ad977b74 100644
--- a/ipaserver/install/upgradeinstance.py
+++ b/ipaserver/install/upgradeinstance.py
@@ -19,6 +19,8 @@
import os
import sys
+import shutil
+import random
from ipaserver.install import installutils
from ipaserver.install import dsinstance
@@ -41,12 +43,19 @@ class IPAUpgrade(service.Service):
live_run: boolean that defines if we are in test or live mode.
"""
+ ext = ''
+ rand = random.Random()
+ for i in range(8):
+ h = "%02x" % rand.randint(0,255)
+ ext += h
service.Service.__init__(self, "dirsrv")
serverid = dsinstance.realm_to_serverid(realm_name)
self.filename = '%s%s/%s' % (DSBASE, serverid, DSE)
+ self.savefilename = '%s%s/%s.ipa.%s' % (DSBASE, serverid, DSE, ext)
self.live_run = live_run
self.files = files
self.modified = False
+ self.badsyntax = False
def create_instance(self):
self.step("stopping directory server", self.stop)
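Review bot: The backup suffix built in `__init__` comes from `random.Random()`, which is not a source of unpredictable values, and the resulting name is later written with `shutil.copy2` (in `__save_config`), which opens whatever file or symlink already exists at that path instead of failing. If the instance directory is writable only by root and the directory server user this is low risk, but the page does not show that. Creating the file exclusively in `__save_config` settles it, e.g. `fd, self.savefilename = tempfile.mkstemp(prefix=DSE + '.ipa.', dir=os.path.dirname(self.filename))`, then copying into it. That also drops the hand-rolled hex loop and avoids computing a suffix for instances that never save anything. `__init__` starts above this hunk.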
@@ -61,21 +70,26 @@ class IPAUpgrade(service.Service):
self.start_creation("Upgrading IPA:")
def __save_config(self):
+ shutil.copy2(self.filename, self.savefilename)
port = installutils.get_directive(self.filename, 'nsslapd-port',
separator=':')
security = installutils.get_directive(self.filename, 'nsslapd-security',
separator=':')
autobind = installutils.get_directive(self.filename,
'nsslapd-ldapiautobind', separator=':')
+ searchbase = installutils.get_directive(self.filename,
+ 'nsslapd-ldapientrysearchbase', separator=':')
self.backup_state('nsslapd-port', port)
self.backup_state('nsslapd-security', security)
self.backup_state('nsslapd-ldapiautobind', autobind)
+ self.backup_state('nsslapd-ldapientrysearchbase', searchbase)
def __restore_config(self):
port = self.restore_state('nsslapd-port')
security = self.restore_state('nsslapd-security')
autobind = self.restore_state('nsslapd-ldapiautobind')
+ searchbase = self.restore_state('nsslapd-ldapientrysearchbase')
installutils.set_directive(self.filename, 'nsslapd-port',
port, quotes=False, separator=':')
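Review bot: Nothing visible removes `self.savefilename` again, so each upgrade run appears to leave another full copy of dse.ldif beside the live file. dse.ldif normally carries the Directory Manager password hash (`nsslapd-rootpw`), and `copy2` keeps the source mode bits but not the ownership, so the copies need the same handling as the original. I would either delete the copy once `__restore_config` has succeeded, or add a comment on the `shutil.copy2` line such as `# kept on purpose for manual recovery; contains nsslapd-rootpw, do not widen permissions`. `__restore_config` continues past the end of this hunk.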
@@ -83,6 +97,9 @@ class IPAUpgrade(service.Service):
security, quotes=False, separator=':')
installutils.set_directive(self.filename, 'nsslapd-ldapiautobind',
autobind, quotes=False, separator=':')
+ installutils.set_directive(self.filename,
+ 'nsslapd-ldapientrysearchbase',
+ searchbase, quotes=False, separator=':')
def __disable_listeners(self):
installutils.set_directive(self.filename, 'nsslapd-port',
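Review bot: The restored `searchbase` is written back unconditionally in `__restore_config`, but the value saved by `__save_config` may be empty or missing when dse.ldif had no `nsslapd-ldapientrysearchbase` line before the upgrade. What `get_directive` returns and what `set_directive` writes in that case is decided in installutils, outside this page, so it should be checked: the file could end up with an empty or literal `None` search base instead of its pre-upgrade state. A guard such as `if searchbase is not None:` around the call, with a comment on what happens to the directive when it was absent, would make the intent explicit. The function begins in the previous hunk.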
@@ -91,12 +108,18 @@ class IPAUpgrade(service.Service):
'off', quotes=False, separator=':')
installutils.set_directive(self.filename, 'nsslapd-ldapiautobind',
'on', quotes=False, separator=':')
+ installutils.set_directive(self.filename, 'nsslapd-ldapientrysearchbase',
+ '', quotes=False, separator=':')
def __upgrade(self):
- ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True, live_run=self.live_run)
- if len(self.files) == 0:
- self.files = ld.get_all_files(ldapupdate.UPDATES_DIR)
- self.modified = ld.update(self.files)
+ try:
+ ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True, live_run=self.live_run)
+ if len(self.files) == 0:
+ self.files = ld.get_all_files(ldapupdate.UPDATES_DIR)
+ self.modified = ld.update(self.files)
+ except ldapupdate.BadSyntax:
+ self.modified = False
+ self.badsyntax = True
def main():
if os.getegid() != 0:
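Review bot: `__upgrade` catches only `ldapupdate.BadSyntax`; any other exception from `LDAPUpdate(...)` or `ld.update()` still propagates, and whether `__restore_config` runs afterwards is decided in `create_instance`, outside this hunk. At that point dse.ldif has `nsslapd-ldapiautobind` on and the search base cleared by `__disable_listeners`, which the commit message describes as giving root Directory Manager powers, so that configuration should never outlive a failed run. I would make the restore step unconditional (a `try`/`finally` around the upgrade step in the caller). I would also log the `BadSyntax` detail before setting `self.badsyntax = True`, since the exception message is currently dropped.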