diff options
author | Jan Cholasta <jcholast@redhat.com> | 2011-07-21 16:00:27 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-07-22 10:38:49 +0200 |
commit | df7ee2ccf5ff12ab43b1a97385b4f28bc64ef083 (patch) | |
tree | baef94583a3c76dba7e1ea758f02d6b19a5693e3 /install/tools/ipa-compat-manage | |
parent | abb5ee22d2c842b8ba1f68ce4d2ec47c306448aa (diff) | |
download | freeipa-df7ee2ccf5ff12ab43b1a97385b4f28bc64ef083.tar.gz freeipa-df7ee2ccf5ff12ab43b1a97385b4f28bc64ef083.tar.xz freeipa-df7ee2ccf5ff12ab43b1a97385b4f28bc64ef083.zip |
Fix ipa-compat-manage not working after recent ipa-nis-manage change.
ticket 1147
Diffstat (limited to 'install/tools/ipa-compat-manage')
-rwxr-xr-x | install/tools/ipa-compat-manage | 108 |
1 files changed, 67 insertions, 41 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index 1203b00aa..07531fddc 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -37,7 +37,8 @@ error was: """ % sys.exc_value sys.exit(1) -netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config" +compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config" +nis_config_dn = "cn=NIS Server,cn=plugins,cn=config" def parse_options(): usage = "%prog [options] <enable|disable>\n" @@ -64,6 +65,18 @@ def get_dirman_password(): return password +def get_entry(dn, conn): + """ + Return the entry for the given DN. If the entry is not found return + None. + """ + entry = None + try: + (dn, entry) = conn.get_entry(dn, normalize=False) + except errors.NotFound: + pass + return entry + def main(): retval = 0 loglevel = logging.ERROR @@ -104,68 +117,81 @@ def main(): sys.exit("Authentication failed: %s" % e.info) if args[0] == "status": + entry = None try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - print "Plugin Enabled" - except errors.NotFound: - print "Plugin Disabled" + entry = get_entry(compat_dn, conn) + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print "Plugin Enabled" + else: + print "Plugin Disabled" except errors.LDAPError, lde: print "An error occurred while talking to the server." print lde - return 0 if args[0] == "enable": + entry = None try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - print "Plugin already Enabled" - retval = 2 - except errors.NotFound: - print "Enabling plugin" + entry = get_entry(compat_dn, conn) + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print "Plugin already Enabled" + retval = 2 + else: + print "Enabling plugin" + + if entry is None: + ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) + if not ld.update(files): + print "Updating Directory Server failed." + retval = 1 + else: + mod = {'nsslapd-pluginenabled': 'on'} + conn.update_entry(compat_dn, mod, normalize=False) except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 - if retval == 0: - ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) - rv = ld.update(files) - if rv: - print "This setting will not take effect until you restart Directory Server." - else: - print "Updating Directory Server failed." - retval = 1 - elif args[0] == "disable": - # We can't disable schema compat if the NIS plugin is enabled - try: - conn.get_entry(netgroup_compat_dn, normalize=False) - print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." - print >>sys.stderr, "Run 'ipa-nis-manage disable' first." - sys.exit(2) - except errors.NotFound: - pass - # Make a quick hack for now, directly delete the entries by name, - # In future we should add delete capabilites to LDAPUpdate + entry = None try: - conn.delete_entry('cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) - except errors.NotFound: - print "Plugin is already disabled" - retval = 2 - except errors.DatabaseError, dbe: - print "An error occurred while talking to the server." - print dbe - retval = 1 + entry = get_entry(nis_config_dn, conn) + # We can't disable schema compat if the NIS plugin is enabled + if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': + print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility." + print >>sys.stderr, "Run 'ipa-nis-manage disable' first." + retval = 2 except errors.ExecutionError, lde: print "An error occurred while talking to the server." print lde retval = 1 + if retval == 0: + entry = None + try: + entry = get_entry(compat_dn, conn) + if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': + print "Plugin is already disabled" + retval = 2 + else: + print "Disabling plugin" + + mod = {'nsslapd-pluginenabled': 'off'} + conn.update_entry(compat_dn, mod, normalize=False) + except errors.DatabaseError, dbe: + print "An error occurred while talking to the server." + print dbe + retval = 1 + except errors.ExecutionError, lde: + print "An error occurred while talking to the server." + print lde + retval = 1 + else: retval = 1 + if retval == 0: + print "This setting will not take effect until you restart Directory Server." + finally: if conn and conn.isconnected(): conn.disconnect() |