Add DS migration plugin and password migration page.

author: Pavel Zuna <pzuna@redhat.com> 2010-01-12 16:40:09 +0100
committer: Rob Crittenden <rcritten@redhat.com> 2010-01-20 16:54:17 -0500
commit: c15c1eee729e912f4f55c90861d4dd0be0bdd601 (patch)
tree: d6f7897fec77a6be50daa7d33b81812ad73576aa /install
parent: 41a7a8d3d4d79cf15dac5583fc5aa8c301282c98 (diff)
download: freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.tar.gz
freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.tar.xz
freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.zip
9 files changed, 257 insertions, 0 deletions
diff --git a/install/Makefile.am b/install/Makefile.am
index 19665856..68a3c265 100644
--- a/install/Makefile.am
+++ b/install/Makefile.am
@@ -7,6 +7,7 @@ NULL =
 SUBDIRS =			\
         conf			\
         html			\
+        migration		\
         share			\
         tools			\
         updates			\
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 81a6bc69..b9562936 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -100,6 +100,18 @@ Alias /ipa-assets/ "/var/cache/ipa/assets/"
   ErrorDocument 401 /ipa/errors/unauthorized.html
 </Directory>
 
+# migration related pages
+Alias /ipa/migration "/usr/share/ipa/migration"
+
+<Directory "/usr/share/ipa/migration">
+    AllowOverride None
+    Satisfy Any
+    Allow from all
+
+    AddHandler mod_python .py
+    PythonHandler mod_python.publisher
+</Directory>
+
 #Alias /ipatest "/usr/share/ipa/ipatest"
 
 #<Directory "/usr/share/ipa/ipatest">
diff --git a/install/configure.ac b/install/configure.ac
index 7f96812f..826eeb04 100644
--- a/install/configure.ac
+++ b/install/configure.ac
@@ -34,6 +34,7 @@ AC_CONFIG_FILES([
     Makefile
     conf/Makefile
     html/Makefile
+    migration/Makefile
     share/Makefile
     tools/Makefile
     tools/man/Makefile
diff --git a/install/migration/Makefile.am b/install/migration/Makefile.am
new file mode 100644
index 00000000..201a807c
--- /dev/null
+++ b/install/migration/Makefile.am
@@ -0,0 +1,18 @@
+NULL =
+
+appdir = $(IPA_DATA_DIR)/migration
+app_DATA =                              \
+	error.html			\
+	index.html			\
+	invalid.html			\
+	migration.css			\
+	migration.py			\
+	$(NULL)
+
+EXTRA_DIST =                            \
+        $(app_DATA)                     \
+        $(NULL)
+
+MAINTAINERCLEANFILES =                  \
+        *~                              \
+        Makefile.in
diff --git a/install/migration/error.html b/install/migration/error.html
new file mode 100644
index 00000000..93ca8d29
--- /dev/null
+++ b/install/migration/error.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <link rel="stylesheet" href="migration.css" type="text/css">
+    <title>IPA Password Migration Page: Error</title>
+</head>
+
+<body>
+<p>
+There was a problem with your request. Please, try again later.
+</p>
+<p>
+If the problem persists, contact your administrator.
+</p>
+</body>
+
diff --git a/install/migration/index.html b/install/migration/index.html
new file mode 100644
index 00000000..b3ea46b2
--- /dev/null
+++ b/install/migration/index.html
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <link rel="stylesheet" href="migration.css" type="text/css">
+    <title>IPA Password Migration Page</title>
+</head>
+
+<body>
+<p>
+If you have been sent here by your administrator, your personal
+information is being migrated to a new Identity management solution (IPA).
+</p>
+<p>
+Please, enter your credentials in the form below to complete the process.
+</p>
+<p>
+Upon successful login your Kerberos account will be activated.
+</p>
+<div class="migration_form">
+<div class="migration_form_inner">
+<form action="migration.py/bind" method="post">
+    <div class="migration_form_title">
+        <span>Password Migration</span>
+    </div>
+    <div class="migration_form_input">
+        <label><em>U</em>sername:</label>
+        <input name="username" value="" type="text" accesskey="u" />
+    </div>
+    <div class="migration_form_input">
+        <label><em>P</em>assword:</label>
+        <input name="password" value="" type="password" accesskey="p" />
+    </div>
+    <div class="migration_form_submit">
+        <input name="submit" value="Migrate!" type="submit" />
+    </div>
+</form>
+</div>
+</div>
+</body>
+
+</html>
+
diff --git a/install/migration/invalid.html b/install/migration/invalid.html
new file mode 100644
index 00000000..70aa90da
--- /dev/null
+++ b/install/migration/invalid.html
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <link rel="stylesheet" href="migration.css" type="text/css">
+    <title>IPA Password Migration Page: Invalid credentials</title>
+</head>
+
+<body>
+<p>
+Invalid username or password.
+</p>
+<p>
+<a href="index.html">Let me try again!</a>
+</p>
+</body>
+
diff --git a/install/migration/migration.css b/install/migration/migration.css
new file mode 100644
index 00000000..c32b1525
--- /dev/null
+++ b/install/migration/migration.css
@@ -0,0 +1,69 @@
+/* migration page CSS; author: Pavel Zuna <pzuna@redhat.com> */
+
+body
+{
+    font-family: Verdana;
+    text-align: center;
+}
+
+p
+{
+    font-size: 0.8em;
+    font-weight: bold;
+}
+
+.migration_form
+{
+    margin-left: auto;
+    margin-right: auto;
+    text-align: center;
+    width: 18em;
+}
+
+.migration_form_inner
+{
+    border: solid 1px #284775;
+    font-size: 0.8em;
+    padding: 4px;
+}
+
+.migration_form_title
+{
+    background: #5d7b9d;
+    color: #f7f6f3;
+    font-weight: bold;
+    height: 1.7em;
+    margin-bottom: 0.3em;
+    padding-top: 0.4em;
+    text-align: center;
+}
+
+.migration_form_input
+{
+    color: #5d7b9d;
+    font-size: 1em;
+    text-align: right;
+}
+
+.migration_form_input em
+{
+    font-style: normal;
+    text-decoration: underline;
+}
+
+.migration_form_submit
+{
+    text-align: center;
+}
+
+.migration_form_submit input
+{
+    background: #5d7b9d;
+    border: solid 1px #284775;
+    color: #f7f6f3;
+    height: 1.7em;
+    margin-top: 0.3em;
+}
+
+/* end of file */
+
diff --git a/install/migration/migration.py b/install/migration/migration.py
new file mode 100644
index 00000000..bf12c5ce
--- /dev/null
+++ b/install/migration/migration.py
@@ -0,0 +1,67 @@
+# Authors:
+#   Pavel Zuna <pzuna@redhat.com>
+#
+# Copyright (C) 2009  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+"""
+Password migration script
+"""
+
+import ldap
+from mod_python import apache, util
+
+
+BASE_DN = ''
+LDAP_URI = 'ldap://localhost:389'
+
+
+def get_base_dn():
+    """
+    Retrieve LDAP server base DN.
+    """
+    if BASE_DN:
+        return BASE_DN
+    try:
+        conn = ldap.initialize(LDAP_URI)
+        conn.simple_bind_s('', '')
+        entries = conn.search_ext_s(
+            '', scope=ldap.SCOPE_BASE, attrlist=['namingcontexts']
+        )
+    except ldap.LDAPError:
+        return ''
+    conn.unbind_s()
+    try:
+        return entries[0][1]['namingcontexts'][0]
+    except (IndexError, KeyError):
+        return ''
+
+
+def bind(req, username, password):
+    base_dn = get_base_dn()
+    if not base_dn:
+        util.redirect(req, '/ipa/migration/error.html')
+    bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn)
+    try:
+        conn = ldap.initialize(LDAP_URI)
+        conn.simple_bind_s(bind_dn, password)
+    except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM,
+            ldap.NO_SUCH_OBJECT):
+        util.redirect(req, '/ipa/migration/invalid.html')
+    except ldap.LDAPError:
+        util.redirect(req, '/ipa/migration/error.html')
+    conn.unbind_s()
+    util.redirect(req, '/ipa/ui')
+
author	Pavel Zuna <pzuna@redhat.com>	2010-01-12 16:40:09 +0100
committer	Rob Crittenden <rcritten@redhat.com>	2010-01-20 16:54:17 -0500
commit	c15c1eee729e912f4f55c90861d4dd0be0bdd601 (patch)
tree	d6f7897fec77a6be50daa7d33b81812ad73576aa /install
parent	41a7a8d3d4d79cf15dac5583fc5aa8c301282c98 (diff)
download	freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.tar.gz freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.tar.xz freeipa.git-c15c1eee729e912f4f55c90861d4dd0be0bdd601.zip