Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/dsinstance.py | 34 | ||||
-rw-r--r-- | ipa-server/ipaserver/radiusinstance.py | 15 |
2 files changed, 49 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index 284ad3a6..9a539470 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py @@ -84,6 +84,7 @@ class DsInstance(service.Service): self.__add_default_schemas() self.__add_memberof_module() self.__add_referint_module() + self.__add_dna_module() self.__create_indeces() self.__enable_ssl() self.__certmap_conf() @@ -93,7 +94,10 @@ class DsInstance(service.Service): except: # TODO: roll back here? logging.critical("Failed to restart the ds instance") + self.__config_uidgid_gen_first_master() self.__add_default_layout() + self.__add_master_entry_first_master() + self.step("configuring directoy to start on boot") self.chkconfig_on() 
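Review bot: The two calls added after the restart, `self.__config_uidgid_gen_first_master()` and `self.__add_master_entry_first_master()`, run even when the restart failed, because the bare `except:` just above only logs and falls through. The methods this commit adds further down also swallow `CalledProcessError`, so the installer can report both steps as done while no uid/gid range or master entry was written. Resolve the TODO by stopping there, e.g. a bare `raise` after the `logging.critical(...)` call, so these writes are attempted only against a running instance. The enclosing method starts and ends outside the hunk.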
@@ -183,6 +187,36 @@ class DsInstance(service.Service): print "Failed to load referint-conf.ldif", e referint_fd.close() + def __add_dna_module(self): + self.step("enabling distributed numeric assignment plugin") + dna_txt = template_file(SHARE_DIR + "dna-conf.ldif", self.sub_dict) + dna_fd = write_tmp_file(dna_txt) + try: + ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password) + except subprocess.CalledProcessError, e: + print "Failed to load dna-conf.ldif", e + dna_fd.close() + + def __config_uidgid_gen_first_master(self): + self.step("configuring Posix uid/gid generation as first master") + dna_txt = template_file(SHARE_DIR + "dna-posix.ldif", self.sub_dict) + dna_fd = write_tmp_file(dna_txt) + try: + ldap_mod(dna_fd, "cn=Directory Manager", self.dm_password) + except subprocess.CalledProcessError, e: + print "Failed to configure Posix uid/gid generation with dna-posix.ldif", e + dna_fd.close() + + def __add_master_entry_first_master(self): + self.step("adding master entry as first master") + master_txt = template_file(SHARE_DIR + "master-entry.ldif", self.sub_dict) + master_fd = write_tmp_file(master_txt) + try: + ldap_mod(master_fd, "cn=Directory Manager", self.dm_password) + except subprocess.CalledProcessError, e: + print "Failed to add master-entry.ldif", e + master_fd.close() + def __enable_ssl(self): self.step("configuring ssl for ds instance") dirname = self.config_dirname() diff --git a/ipa-server/ipaserver/radiusinstance.py b/ipa-server/ipaserver/radiusinstance.py index 90727758..38091d69 100644 --- a/ipa-server/ipaserver/radiusinstance.py +++ b/ipa-server/ipaserver/radiusinstance.py @@ -51,6 +51,10 @@ from ipaserver.funcs import DefaultUserContainer, DefaultGroupContainer #------------------------------------------------------------------------------- +def ldap_mod(fd, dn, pwd): + args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-w", pwd, "-f", fd.name] + run(args) + def get_radius_version(): version = None try: 
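Review bot: The three new loaders (`__add_dna_module`, `__config_uidgid_gen_first_master`, `__add_master_entry_first_master`) print a failed `ldap_mod` to stdout and then continue, so a directory without DNA or uid/gid generation configured still looks like a successful install. They are also three copies of one body, and the `close()` call is skipped whenever anything other than `CalledProcessError` is raised, leaving the rendered LDIF temp file open. I would fold them into one private helper that logs through `logging`, re-raises, and closes the file in a `finally`, as sketched below. Re-raising differs from the existing referint loader in the context lines, which prints and continues, so confirm that aborting is acceptable for the installer.

```python
    def __load_ldif(self, ldif_name):
        # Render one template from SHARE_DIR and apply it as Directory Manager.
        ldif_fd = write_tmp_file(template_file(SHARE_DIR + ldif_name, self.sub_dict))
        try:
            try:
                ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password)
            except subprocess.CalledProcessError, e:
                logging.critical("Failed to load %s: %s", ldif_name, e)
                raise
        finally:
            # release the temp file whatever ldap_mod raised
            ldif_fd.close()

    def __add_dna_module(self):
        self.step("enabling distributed numeric assignment plugin")
        self.__load_ldif("dna-conf.ldif")

    # ... __config_uidgid_gen_first_master and __add_master_entry_first_master take the same two-line shape ...
```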
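Review bot: The new `ldap_mod` in radiusinstance.py passes the Directory Manager password on the `ldapmodify` command line (`"-w", pwd`), where any local account can read it from the process list while the command runs. It may also reach the logs if `run()` records its arguments, which is not visible here. `ldapmodify` can read the simple-bind password from a file with `-y`, so write the password without a trailing newline to a temp file readable only by the installer and build the list as `args = ["/usr/bin/ldapmodify", "-h", "127.0.0.1", "-xv", "-D", dn, "-y", pwd_fd.name, "-f", fd.name]`. This function also looks like a copy of the `ldap_mod` that dsinstance.py calls, so fixing it once in a shared module, as the FIXME further down this file already asks, would cover both callers.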
@@ -160,6 +164,17 @@ class RadiusInstance(service.Service): except Exception, e: logging.error("could not chown on %s to %s: %s", IPA_KEYTAB_FILEPATH, RADIUS_USER, e) + def __set_ldap_encrypted_attributes(self): + ldif_file = 'encrypted_attribute.ldif' + self.step("setting ldap encrypted attributes") + ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE':'radiusClientSecret') + ldif_fd = write_tmp_file(ldif_txt) + try: + ldap_mod(ldif_fd, "cn=Directory Manager", self.dm_password) + except subprocess.CalledProcessError, e: + logging.critical("Failed to load %s: %s" % (ldif_file, str(e))) + ldif_fd.close() + #------------------------------------------------------------------------------- # FIXME: this should be in a common area so it can be shared |
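Review bot: The `template_file(...)` call in `__set_ldap_encrypted_attributes` does not parse, because the dict literal opens with `{` but is closed by `)`, so importing radiusinstance.py would fail with a SyntaxError. It should read `ldif_txt = template_file(SHARE_DIR + ldif_file, {'ENCRYPTED_ATTRIBUTE': 'radiusClientSecret'})`. No call to the new method appears in this diff, and nothing visible sets `self.dm_password` on RadiusInstance, so both need confirming. This step is presumably what makes the directory store `radiusClientSecret` encrypted, so a failure should abort setup rather than be logged and ignored. Add a bare `raise` after the `logging.critical(...)` call and move `ldif_fd.close()` into a `finally`.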