authorTomas Babej <tbabej@redhat.com>2013-10-30 17:17:19 +0100
committerMartin Kosek <mkosek@redhat.com>2013-10-31 09:22:34 +0100
commit57ccee4eae97baab94a8cd4d6846ac161d4fd439 (patch)
treee535c89651b32df6e56af17c648d6574b94ffc01 /ipaserver
parent21137ab63c83c8f75823daa9a6f9b5d7885ebe59 (diff)
downloadfreeipa-57ccee4eae97baab94a8cd4d6846ac161d4fd439.tar.gz
freeipa-57ccee4eae97baab94a8cd4d6846ac161d4fd439.tar.xz
freeipa-57ccee4eae97baab94a8cd4d6846ac161d4fd439.zip
advice: Add legacy client configuration script using nss-ldap
Part of: https://fedorahosted.org/freeipa/ticket/3833
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/advise/plugins/legacy_clients.py37
1 files changed, 36 insertions, 1 deletions
diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index c81fcf8b..1e076bf6 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -343,5 +343,40 @@ class config_freebsd_nss_pam_ldapd(config_base_legacy_client):
self.log.command('curl -k https://%s/ipa/config/ca.crt > '
'%s' % (api.env.host, cacrt))
-
api.register(config_freebsd_nss_pam_ldapd)
+
+
+class config_redhat_nss_ldap(config_base_legacy_client):
+ """
+ Legacy client configuration for Red Hat based systems,
+ using nss-ldap.
+ """
+ description = ('Instructions for configuring a system with nss-ldap '
+ 'as a FreeIPA client. This set of instructions is targeted '
+ 'for platforms that include the authconfig utility, which '
+ 'are all Red Hat based platforms.')
+
+ def get_info(self):
+ uri, base = self.get_uri_and_base()
+ self.check_compat_plugin()
+
+ self.log.comment('Install required packages via yum')
+ self.log.command('yum install -y wget openssl nss_ldap '
+ 'authconfig which\n')
+
+ self.configure_ca_cert()
+
+ self.log.comment('Use the authconfig to configure nsswitch.conf '
+ 'and the PAM stack')
+ self.log.command('authconfig --updateall --enableldap '
+ '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
+ % (uri, base))
+
+ def configure_ca_cert(self):
+ self.log.comment('NOTE: IPA certificate uses the SHA-256 hash '
+ 'function. SHA-256 was introduced in RHEL5.2. '
+ 'Therefore, clients older than RHEL5.2 will not be '
+ 'able to interoperate with IPA server 3.x.')
+ super(config_redhat_nss_ldap, self).configure_ca_cert()
+
+api.register(config_redhat_nss_ldap)
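Review bot: The `authconfig` command emitted by `get_info` turns on LDAP authentication with `--enableldapauth` but passes no TLS option, so whether user passwords are protected on the wire depends entirely on the scheme of `uri`. That value comes from `get_uri_and_base()`, which is defined outside this hunk; if it yields a plain `ldap://` URI, the resulting pam_ldap binds would be unencrypted. Since `configure_ca_cert()` is already called just above to put the IPA CA on the client, I would add `--enableldaptls` to the generated command, i.e. `'authconfig --updateall --enableldap --enableldaptls '` followed by the existing `--enableldapauth --ldapserver=%s --ldapbasedn=%s`. A short `self.log.comment(...)` telling the admin to confirm the CA certificate's fingerprint out of band before running authconfig would also help, because the certificate is what anchors that TLS session.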