From 3beaba9b958d74f96d6a48f2bbdbadc2df8e1b39 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 23 May 2008 14:51:50 -0400
Subject: Fix the case where domain != lower(REALM) add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup
---
ipa-client/ipa-install/ipa-client-install | 29 ++++++++-------
ipa-python/config.py | 57 +++++++++++++++++++++---------
ipa-server/ipa-install/ipa-replica-install | 9 +++++
ipa-server/ipa-install/ipa-replica-prepare | 11 ++----
ipa-server/ipa-install/ipa-server-install | 1 +
5 files changed, 69 insertions(+), 38 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 54d7185a..17dd15a5 100644
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -202,23 +202,26 @@ def main(): return 1 # Configure ipa.conf - ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") - ipaconf.setOptionAssignment(" = ") - ipaconf.setSectionNameDelimiters(("[","]")) + if not options.on_master: + ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") + ipaconf.setOptionAssignment(" = ") + ipaconf.setSectionNameDelimiters(("[","]")) - opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'}, - {'name':'empty', 'type':'empty'}] + opts = [{'name':'comment', 'type':'comment', 'value':'File modified by ipa-client-install'}, + {'name':'empty', 'type':'empty'}] - #[defaults] - defopts = [{'name':'server', 'type':'option', 'value':cli_server}, - {'name':'realm', 'type':'option', 'value':cli_realm}] + #[defaults] + defopts = [{'name':'server', 'type':'option', 'value':cli_server}, + {'name':'realm', 'type':'option', 'value':cli_realm}, + {'name':'domain', 'type':'option', 'value':cli_domain}] - opts.append({'name':'defaults', 'type':'section', 'value':defopts}) - opts.append({'name':'empty', 'type':'empty'}) + opts.append({'name':'defaults', 'type':'section', 'value':defopts}) + opts.append({'name':'empty', 'type':'empty'}) + + fstore.backup_file("/etc/ipa/ipa.conf") + ipaconf.newConf("/etc/ipa/ipa.conf", opts) + print "Created /etc/ipa/ipa.conf" - fstore.backup_file("/etc/ipa/ipa.conf") - ipaconf.newConf("/etc/ipa/ipa.conf", opts) - print "Created /etc/ipa/ipa.conf" # Configure ldap.conf ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") diff --git a/ipa-python/config.py b/ipa-python/config.py index c760bb6e..4671faf9 100644 --- a/ipa-python/config.py +++ b/ipa-python/config.py @@ -39,6 +39,7 @@ class IPAConfig: def __init__(self): self.default_realm = None self.default_server = [] + self.default_domain = None def get_realm(self): if self.default_realm: 
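Review bot: The new `if not options.on_master:` guard in ipa-client-install's main() skips writing /etc/ipa/ipa.conf without saying why, and nothing in the hunk checks that the file already exists on a master. A comment such as `# on a master the server/replica installer has already written /etc/ipa/ipa.conf; do not overwrite it` would record the intent. Separately, `cli_domain` is now persisted as `domain`; it is assigned outside the hunk, so if it can come from DNS discovery it should be confirmed to be a well-formed DNS name before it is written. main() begins and ends outside the hunk.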
@@ -52,6 +53,12 @@ class IPAConfig: else: raise IPAConfigError("no default server") + def get_domain(self): + if self.default_domain: + return self.default_domain + else: + raise IPAConfigError("no default domain") + # Global library config config = IPAConfig() @@ -65,6 +72,8 @@ def __parse_config(): if not len(config.default_server): s = p.get("defaults", "server") config.default_server = re.sub("\s+", "", s).split(',') + if not config.default_domain: + config.default_domain = p.get("defaults", "domain") except: pass @@ -76,22 +85,29 @@ def __discover_config(): if not config.default_realm: return False - #try once with REALM -> domain - name = "_ldap._tcp."+config.default_realm+"." - rs = ipa.dnsclient.query(name, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) - rl = len(rs) + if not config.default_domain: + #try once with REALM -> domain + dom_name = config.default_realm.lower() + name = "_ldap._tcp."+dom_name+"." + rs = ipa.dnsclient.query(name, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) + rl = len(rs) + if rl == 0: + #try cycling on domain components of FQDN + dom_name = socket.getfqdn() + while rl == 0: + tok = dom_name.find(".") + if tok == -1: + return False + dom_name = dom_name[tok+1:] + name = "_ldap._tcp." + dom_name + "." + rs = ipa.dnsclient.query(name, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) + rl = len(rs) + + config.default_domain = dom_name - #try cycling on domain components of FQDN if rl == 0: - name = socket.getfqdn() - while rl == 0: - tok = name.find(".") - if tok == -1: - return False - name = name[tok+1:] - q = "_ldap._tcp." + name + "." - rs = ipa.dnsclient.query(q, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) - rl = len(rs) + name = "_ldap._tcp."+config.default_domain+"." + rs = ipa.dnsclient.query(name, ipa.dnsclient.DNS_C_IN, ipa.dnsclient.DNS_T_SRV) for r in rs: if r.dns_type == ipa.dnsclient.DNS_T_SRV: 
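Review bot: In `__discover_config` the result of the FQDN walk is now stored in `config.default_domain`, so the answer to an unauthenticated SRV lookup for a parent zone becomes the configured IPA domain. The loop strips labels until none are left, so for a host such as `a.example.com` it also queries `_ldap._tcp.com.`. Stopping while at least two labels remain, for example `if dom_name.count(".") < 2: return False` before the strip, keeps discovery inside a zone the site controls. As far as the flattened hunk shows, `rl` is assigned only inside the `if not config.default_domain:` branch; unless it is initialised above the hunk, the later `if rl == 0:` raises NameError when the domain came from ipa.conf or `--domain`. The function starts outside the hunk.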
@@ -104,6 +120,7 @@ def __discover_config(): def usage(): return """ --realm\tset the IPA realm --server\tset the IPA server + --domain\tset the IPA dns domain """ def __parse_args(args): @@ -126,11 +143,17 @@ def __parse_args(args): config.default_server.append(args[i + 1]) i = i + 2 continue + if args[i] == "--domain": + if i == len(args) - 1: + raise IPAConfigError("missing argument to --domain") + config.default_domain = args[i + 1] + i = i + 2 + continue out_args.append(args[i]) i = i + 1 - + return out_args - + def init_config(args=None): out_args = None @@ -144,6 +167,8 @@ def init_config(args=None): raise IPAConfigError("IPA realm not found in DNS, in the config file (/etc/ipa/ipa.conf) or on the command line.") if not config.default_server: raise IPAConfigError("IPA server not found in DNS, in the config file (/etc/ipa/ipa.conf) or on the command line.") + if not config.default_domain: + raise IPAConfigError("IPA domain not found in the config file (/etc/ipa/ipa.conf) or on the command line.") if out_args: return out_args diff --git a/ipa-server/ipa-install/ipa-replica-install b/ipa-server/ipa-install/ipa-replica-install index a42c970a..2b375165 100644 --- a/ipa-server/ipa-install/ipa-replica-install +++ b/ipa-server/ipa-install/ipa-replica-install @@ -33,6 +33,7 @@ from ipaserver import version class ReplicaConfig: def __init__(self): self.realm_name = "" + self.domain_name = "" self.master_host_name = "" self.dirman_password = "" self.ds_user = "" @@ -232,6 +233,14 @@ def main(): install_krb(config) install_http(config) + # Create the config file + fd = open("/etc/ipa/ipa.conf", "w") + fd.write("[defaults]\n") + fd.write("server=" + config.host_name + "\n") + fd.write("realm=" + config.realm_name + "\n") + fd.write("domain=" + config.domain_name + "\n") + fd.close() + # Create a Web Gui instance webgui = httpinstance.WebGuiInstance() webgui.create_instance() 
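Review bot: The `--domain` branch in `__parse_args` stores `args[i + 1]` without any check, so `--domain --server x` sets the domain to `--server`. An empty string is also accepted and only later treated as unset. The value is concatenated into the `_ldap._tcp.<domain>.` SRV query name in `__discover_config`, so it should be rejected early when it is not a plausible DNS name, e.g. `if i == len(args) - 1 or args[i + 1].startswith("--"):`. The function's opening lines are outside the hunk, and the neighbouring `--server` branch appears to have the same shape.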
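Review bot: The new `default_domain` check in `init_config` makes `domain` mandatory, but an ipa.conf written before this commit has no `domain` key. Tools that worked before an upgrade can therefore raise IPAConfigError whenever DNS discovery is not reached or fails; whether discovery runs when realm and server are already known is outside the hunk. The message also omits DNS even though `__discover_config` can set the value from an SRV lookup; `"IPA domain not found in DNS, in the config file (/etc/ipa/ipa.conf) or on the command line."` would match the two messages above it. The upgrade step for existing clients should be documented.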
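Review bot: `config.domain_name` is written to /etc/ipa/ipa.conf in ipa-replica-install's main(), but in this diff it is only initialised to `""` in `ReplicaConfig.__init__`; none of the added lines assigns it. Unless code outside the hunks fills it in, the file gets an empty `domain=` line, which the `if not config.default_domain` checks in ipa-python/config.py treat as unset. The write is also a bare `open(..., "w")`/`close()` pair, so an exception between them leaves a truncated file and the resulting mode depends on the process umask. Clients read this file to locate the server, so wrap the writes in `try`/`finally` and pin the mode with `os.chmod("/etc/ipa/ipa.conf", 0644)`. main() continues outside the hunk.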
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 4090ad8a..914557dc 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare @@ -66,18 +66,11 @@ def get_realm_name(): def get_domain_name(): try: - conn = ipaldap.IPAdmin("127.0.0.1") - conn.simple_bind_s("", "") - - context = conn.getEntry("", ldap.SCOPE_BASE, '(objectclass=*)', [ 'namingContexts' ]) - conn.unbind() + ipa.config.init_config() + domain_name = ipa.config.config.get_domain() except Exception, e: return None - domain_name = context.getValue('namingContexts') - domain_name = domain_name.replace('dc=','') - domain_name = domain_name.replace(',','.') - return domain_name def check_ipa_configuration(realm_name): diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index b979e995..9b0baa24 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -495,6 +495,7 @@ def main(): fd.write("[defaults]\n") fd.write("server=" + host_name + "\n") fd.write("realm=" + realm_name + "\n") + fd.write("domain=" + domain_name + "\n") fd.close() # Create a Web Gui instance -- cgit
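Review bot: `get_domain_name` still ends in `except Exception, e: return None`, which now hides every failure of `ipa.config.init_config()` and `get_domain()`. That includes a NameError or AttributeError if `ipa.config` is not already imported in ipa-replica-prepare, and the diff adds no import to this file. The caller sees only None and cannot tell a missing `domain` key from a broken installation. Narrowing the handler to `except ipa.config.IPAConfigError, e:` and reporting `e` would keep the "not configured" path while letting real errors surface. Note also that the domain packaged for the replica now comes from ipa.conf or, through `init_config()`, possibly from DNS discovery rather than from the local directory's `namingContexts`.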