diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-03-18 11:19:53 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-03-21 13:23:53 -0400 |
commit | ca5332951c68904b0763f79f3612209271206b2a (patch) | |
tree | d2e39143f5d1b7b78fb40fd906e0d722c1b19d3d /ipaserver/install/upgradeinstance.py | |
parent | ba5e0c43070c1ec77e45a032cd3dabbe0f7a76fc (diff) | |
download | freeipa-ca5332951c68904b0763f79f3612209271206b2a.tar.gz freeipa-ca5332951c68904b0763f79f3612209271206b2a.tar.xz freeipa-ca5332951c68904b0763f79f3612209271206b2a.zip |
Automatically update IPA LDAP on rpm upgrades
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.
This also:
* corrects the ipa-ldap-updater man page
* remove automatic --realm, --server, --domain options
* handle upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint
ticket 1087
Diffstat (limited to 'ipaserver/install/upgradeinstance.py')
-rw-r--r-- | ipaserver/install/upgradeinstance.py | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/ipaserver/install/upgradeinstance.py b/ipaserver/install/upgradeinstance.py index 156c4c2d..ad977b74 100644 --- a/ipaserver/install/upgradeinstance.py +++ b/ipaserver/install/upgradeinstance.py @@ -19,6 +19,8 @@ import os import sys +import shutil +import random from ipaserver.install import installutils from ipaserver.install import dsinstance @@ -41,12 +43,19 @@ class IPAUpgrade(service.Service): live_run: boolean that defines if we are in test or live mode. """ + ext = '' + rand = random.Random() + for i in range(8): + h = "%02x" % rand.randint(0,255) + ext += h service.Service.__init__(self, "dirsrv") serverid = dsinstance.realm_to_serverid(realm_name) self.filename = '%s%s/%s' % (DSBASE, serverid, DSE) + self.savefilename = '%s%s/%s.ipa.%s' % (DSBASE, serverid, DSE, ext) self.live_run = live_run self.files = files self.modified = False + self.badsyntax = False def create_instance(self): self.step("stopping directory server", self.stop) @@ -61,21 +70,26 @@ class IPAUpgrade(service.Service): self.start_creation("Upgrading IPA:") def __save_config(self): + shutil.copy2(self.filename, self.savefilename) port = installutils.get_directive(self.filename, 'nsslapd-port', separator=':') security = installutils.get_directive(self.filename, 'nsslapd-security', separator=':') autobind = installutils.get_directive(self.filename, 'nsslapd-ldapiautobind', separator=':') + searchbase = installutils.get_directive(self.filename, + 'nsslapd-ldapientrysearchbase', separator=':') self.backup_state('nsslapd-port', port) self.backup_state('nsslapd-security', security) self.backup_state('nsslapd-ldapiautobind', autobind) + self.backup_state('nsslapd-ldapientrysearchbase', searchbase) def __restore_config(self): port = self.restore_state('nsslapd-port') security = self.restore_state('nsslapd-security') autobind = self.restore_state('nsslapd-ldapiautobind') + searchbase = self.restore_state('nsslapd-ldapientrysearchbase') installutils.set_directive(self.filename, 'nsslapd-port', port, quotes=False, separator=':') @@ -83,6 +97,9 @@ class IPAUpgrade(service.Service): security, quotes=False, separator=':') installutils.set_directive(self.filename, 'nsslapd-ldapiautobind', autobind, quotes=False, separator=':') + installutils.set_directive(self.filename, + 'nsslapd-ldapientrysearchbase', + searchbase, quotes=False, separator=':') def __disable_listeners(self): installutils.set_directive(self.filename, 'nsslapd-port', @@ -91,12 +108,18 @@ class IPAUpgrade(service.Service): 'off', quotes=False, separator=':') installutils.set_directive(self.filename, 'nsslapd-ldapiautobind', 'on', quotes=False, separator=':') + installutils.set_directive(self.filename, 'nsslapd-ldapientrysearchbase', + '', quotes=False, separator=':') def __upgrade(self): - ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True, live_run=self.live_run) - if len(self.files) == 0: - self.files = ld.get_all_files(ldapupdate.UPDATES_DIR) - self.modified = ld.update(self.files) + try: + ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True, live_run=self.live_run) + if len(self.files) == 0: + self.files = ld.get_all_files(ldapupdate.UPDATES_DIR) + self.modified = ld.update(self.files) + except ldapupdate.BadSyntax: + self.modified = False + self.badsyntax = True def main(): if os.getegid() != 0: |