authorSimo Sorce <ssorce@redhat.com>2007-07-02 15:51:04 -0400
committerSimo Sorce <ssorce@redhat.com>2007-07-02 15:51:04 -0400
commit89c85f06d9a428bb0590cba3ebf2b3830802931e (patch)
tree3987c8ce8ebb7b8098cb415d9bf264c16f5cfc09
parent2d2471d9f2fb385dfb5ec16502cc48de8def345f (diff)
Manage to create a specific DS user for the ldap instance
Add uncalled code to load and configure the password extop plugin
-rw-r--r--ipa-install/src/ipa-server-install6
-rw-r--r--ipa-install/src/ipa/dsinstance.py20
-rw-r--r--ipa-install/src/ipa/krbinstance.py16
3 files changed, 32 insertions, 10 deletions
diff --git a/ipa-install/src/ipa-server-install b/ipa-install/src/ipa-server-install
index ad49d44d..5a611468 100644
--- a/ipa-install/src/ipa-server-install
+++ b/ipa-install/src/ipa-server-install
@@ -33,6 +33,8 @@ import ipa.krbinstance
def parse_options():
parser = OptionParser(version=VERSION)
+ parser.add_option("-u", "--user", dest="ds_user",
+ help="ds user")
parser.add_option("-r", "--realm", dest="realm_name",
help="realm name")
parser.add_option("-a", "--host-address", dest="host_name",
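Review bot: The new `-u/--user` option has no `default=`, so `options.ds_user` is `None` unless the flag is given, and main() (the next hunk) passes that value straight into `ds.create_instance` and `krb.create_instance`; downstream it is substituted into the instance template as `SuiteSpotUserID= $USER` and looked up with `pwd.getpwnam`, which raises TypeError on None rather than the KeyError that path handles. Either give the option a default service-account name, e.g. `parser.add_option("-u", "--user", dest="ds_user", default="<ds-service-user>", help="ds user")` (placeholder — use the project's chosen account name), or have main() refuse to continue when `options.ds_user` is empty. The help text `"ds user"` could also state that the account is created as a system user when it does not already exist. parse_options continues outside the hunk.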
@@ -56,10 +58,10 @@ def main():
filemode='w')
options = parse_options()
ds = ipa.dsinstance.DsInstance()
- ds.create_instance(options.realm_name, options.host_name, options.password)
+ ds.create_instance(options.ds_user, options.realm_name, options.host_name, options.password)
krb = ipa.krbinstance.KrbInstance()
- krb.create_instance(options.realm_name, options.host_name, options.password, options.master_password)
+ krb.create_instance(options.ds_user, options.realm_name, options.host_name, options.password, options.master_password)
#restart ds after the krb instance have add the sasl map
ds.restart()
diff --git a/ipa-install/src/ipa/dsinstance.py b/ipa-install/src/ipa/dsinstance.py
index 8a2296c0..a275bf40 100644
--- a/ipa-install/src/ipa/dsinstance.py
+++ b/ipa-install/src/ipa/dsinstance.py
@@ -23,6 +23,7 @@ import string
import tempfile
import shutil
import logging
+import pwd
SHARE_DIR = "/usr/share/ipa/"
@@ -73,7 +74,7 @@ def run(args, stdin=None):
INF_TEMPLATE = """
[General]
FullMachineName= $FQHN
-SuiteSpotUserID= nobody
+SuiteSpotUserID= $USER
ServerRoot= /usr/lib/fedora-ds-base
[slapd]
ServerPort= 389
@@ -91,13 +92,15 @@ class DsInstance:
self.admin_password = None
self.sub_dict = None
- def create_instance(self, realm_name, host_name, admin_password):
+ def create_instance(self, ds_user, realm_name, host_name, admin_password):
+ self.ds_user = ds_user
self.serverid = generate_serverid()
self.realm_name = realm_name.upper()
self.host_name = host_name
self.admin_password = admin_password
self.__setup_sub_dict()
+ self.__create_ds_user()
self.__create_instance()
self.__add_default_schemas()
self.__enable_ssl()
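Review bot: `self.ds_user` is assigned in create_instance but, unlike the parallel change to KrbInstance.__init__ in krbinstance.py, DsInstance.__init__ (the hunk's leading context lines) gets no `self.ds_user = None`, so the attribute does not exist on a freshly constructed instance and `__setup_sub_dict`/`__create_ds_user` would raise AttributeError if ever reached before create_instance. Add `self.ds_user = None` next to `self.admin_password = None`. Inserting `ds_user` as the new first positional parameter (here and in KrbInstance.create_instance) also silently shifts any caller still using the old positional order — the realm name would be taken as the account name; the one caller visible in this commit is updated, but a last-position or keyword-only parameter would make a stale call fail loudly instead. The start of __init__ is outside the hunk.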
@@ -125,7 +128,14 @@ class DsInstance:
suffix = realm_to_suffix(self.realm_name)
self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid,
PASSWORD=self.admin_password, SUFFIX=suffix,
- REALM=self.realm_name)
+ REALM=self.realm_name, USER=self.ds_user)
+
+ def __create_ds_user(self):
+ try:
+ pwd.getpwnam(self.ds_user)
+ except KeyError:
+ args = ["/usr/sbin/useradd", "-c", "DS System User", "-d", "/var/lib/fedora-ds", "-M", "-r", "-s", "/sbin/nologin", self.ds_user]
+ run(args)
def __create_instance(self):
inf_txt = template_str(INF_TEMPLATE, self.sub_dict)
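Review bot: `__create_ds_user` accepts any pre-existing account named by `-u` without inspecting it, so a typo or a name that collides with an interactive or privileged account (including root) makes the directory server run under that identity; the `useradd` branch correctly creates a locked-down system account (`-r`, `-M`, `-s /sbin/nologin`), but the existing-account branch should at least reject uid 0 and log which account is being reused, e.g. `pwent = pwd.getpwnam(self.ds_user)` followed by `if pwent.pw_uid == 0: raise ValueError("DS user must not be root")`. The result of `run(args)` is not checked either; if run() does not raise on a non-zero exit (its definition is outside this hunk), a failed useradd is noticed only when the instance setup later fails for an unknown user. A one-line docstring such as "Ensure the DS service account exists, creating a no-login system account if it does not" would make the intent clear.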
@@ -151,7 +161,3 @@ class DsInstance:
args = ["/usr/bin/ldapmodify", "-xv", "-D", "cn=Directory Manager",
"-w", self.admin_password, "-f", inf_fd.name]
run(args)
-
-
-
-
diff --git a/ipa-install/src/ipa/krbinstance.py b/ipa-install/src/ipa/krbinstance.py
index d93c0a04..498f0506 100644
--- a/ipa-install/src/ipa/krbinstance.py
+++ b/ipa-install/src/ipa/krbinstance.py
@@ -74,6 +74,7 @@ def run(args, stdin=None):
class KrbInstance:
def __init__(self):
+ self.ds_user = None
self.realm_name = None
self.host_name = None
self.admin_password = None
@@ -82,7 +83,8 @@ class KrbInstance:
self.kdc_password = None
self.sub_dict = None
- def create_instance(self, realm_name, host_name, admin_password, master_password):
+ def create_instance(self, ds_user, realm_name, host_name, admin_password, master_password):
+ self.ds_user = ds_user
self.realm_name = realm_name.upper()
self.host_name = host_name
self.admin_password = admin_password
@@ -153,3 +155,15 @@ class KrbInstance:
#populate the directory with the realm structure
args = ["/usr/kerberos/sbin/kdb5_ldap_util", "-D", "uid=kdc,cn=kerberos,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-r", self.realm_name, "-subtrees", self.suffix, "-sscope", "sub"]
run(args)
+
+ # TODO: NOT called yet, need to find out how to make sure the plugin is available first
+ def __add_pwd_extop_module(self):
+ #add the password extop module
+ extop_txt = template_file(SHARE_DIR + "ipapwd_extop_plugin.ldif", self.sub_dict)
+ extop_fd = write_tmp_file(extop_txt)
+ ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)
+ extop_fd.close()
+
+ #add an ACL to let the DS user read the master key
+ args = ["/usr/bin/setfacl", "-m", "u:"+self.ds_user+":r", "/var/kerberos/krb5kdc/.k5."+self.realm_name]
+ run(args)
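Review bot: The `setfacl` call in `__add_pwd_extop_module` grants the DS service account read access to the KDC master key stash `/var/kerberos/krb5kdc/.k5.<REALM>`, the most sensitive secret on the KDC, yet the method carries only a TODO; the reason the extop plugin needs the master key and the resulting trust boundary (whoever can act as the DS user can read the realm master key) should be recorded in a comment above the call, and the ACL should be applied only after `ldap_mod` has succeeded rather than unconditionally. The temporary LDIF from `write_tmp_file` is closed outside any `try`/`finally`, so if `ldap_mod` raises the rendered file — built from `sub_dict`, which may carry credentials (confirm against KrbInstance's sub_dict setup, outside this hunk) — is left on disk; wrap it as `try: ldap_mod(extop_fd, "cn=Directory Manager", self.admin_password)` / `finally: extop_fd.close()`. The preceding KDC population code at the top of the hunk belongs to a method whose start is outside the hunk.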