#!/usr/bin/python2 # Authors: Rob Crittenden # Authors: Simo Sorce # # Copyright (C) 2008-2016 Red Hat, Inc. # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import print_function import sys from ipaplatform.paths import paths try: from optparse import OptionParser from ipapython import ipautil, config from ipaserver.install import installutils from ipaserver.install.ldapupdate import LDAPUpdate from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipapython.ipa_log_manager import standard_logging_setup from ipapython.dn import DN except ImportError as e: print("""\ There was a problem importing one of the required Python modules. The error was: %s """ % e, file=sys.stderr) sys.exit(1) compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) def parse_options(): usage = "%prog [options] \n" usage += "%prog [options]\n" parser = OptionParser(usage=usage, formatter=config.IPAFormatter()) parser.add_option("-d", "--debug", action="store_true", dest="debug", help="Display debugging information about the update(s)") parser.add_option("-y", dest="password", help="File containing the Directory Manager password") config.add_standard_options(parser) options, args = parser.parse_args() config.init_config(options) return options, args def get_dirman_password(): """Prompt the user for the Directory Manager password and verify its correctness. """ password = installutils.read_password("Directory Manager", confirm=False, validate=False) return password def get_entry(dn, conn): """ Return the entry for the given DN. If the entry is not found return None. """ entry = None try: entry = conn.get_entry(dn) except errors.NotFound: pass return entry def main(): retval = 0 files = [paths.SCHEMA_COMPAT_ULDIF] options, args = parse_options() if len(args) != 1: sys.exit("You must specify one action: enable | disable | status") elif args[0] != "enable" and args[0] != "disable" and args[0] != "status": sys.exit("Unrecognized action [" + args[0] + "]") standard_logging_setup(None, debug=options.debug) dirman_password = "" if options.password: pw = ipautil.template_file(options.password, []) dirman_password = pw.strip() else: dirman_password = get_dirman_password() if dirman_password is None: sys.exit("Directory Manager password required") api.bootstrap(context='cli', debug=options.debug) api.finalize() conn = None try: try: conn = ldap2(api) conn.connect( bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password ) except errors.ExecutionError as lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde)) except errors.ACIError as e: sys.exit("Authentication failed: %s" % e.info) if args[0] == "status": entry = None try: entry = get_entry(compat_dn, conn) if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print("Plugin Enabled") else: print("Plugin Disabled") except errors.LDAPError as lde: print("An error occurred while talking to the server.") print(lde) if args[0] == "enable": entry = None try: entry = get_entry(compat_dn, conn) if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print("Plugin already Enabled") retval = 2 else: print("Enabling plugin") if entry is None: ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) if not ld.update(files): print("Updating Directory Server failed.") retval = 1 else: entry['nsslapd-pluginenabled'] = ['on'] conn.update_entry(entry) except errors.ExecutionError as lde: print("An error occurred while talking to the server.") print(lde) retval = 1 elif args[0] == "disable": entry = None try: entry = get_entry(nis_config_dn, conn) # We can't disable schema compat if the NIS plugin is enabled if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': print("The NIS plugin is configured, cannot disable compatibility.", file=sys.stderr) print("Run 'ipa-nis-manage disable' first.", file=sys.stderr) retval = 2 except errors.ExecutionError as lde: print("An error occurred while talking to the server.") print(lde) retval = 1 if retval == 0: entry = None try: entry = get_entry(compat_dn, conn) if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': print("Plugin is already disabled") retval = 2 else: print("Disabling plugin") entry['nsslapd-pluginenabled'] = ['off'] conn.update_entry(entry) except errors.DatabaseError as dbe: print("An error occurred while talking to the server.") print(dbe) retval = 1 except errors.ExecutionError as lde: print("An error occurred while talking to the server.") print(lde) retval = 1 else: retval = 1 if retval == 0: print("This setting will not take effect until you restart Directory Server.") finally: if conn and conn.isconnected(): conn.disconnect() return retval if __name__ == '__main__': installutils.run_script(main, operation_name='ipa-compat-manage')