authorSimo Sorce <simo@redhat.com>2015-07-05 07:18:25 -0400
committerJan Cholasta <jcholast@redhat.com>2015-08-27 07:55:51 +0200
commit20dc3a4c3f2d5c3c85495002e118fffce27cd982 (patch)
tree4632fc5b1d1a9c4ee3ebe86eec47814be9bc04e4
parent23b91dddd922f1479859dc3c3f1d35e6c302707d (diff)
Move sasl mappings creation to dsinstance
SASL mappings can be created directly by the DS instance; there is no reason to create them in krbinstance, because creating them does not depend on the KDC being configured. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
-rw-r--r--ipaserver/install/dsinstance.py51
-rw-r--r--ipaserver/install/krbinstance.py48
2 files changed, 51 insertions, 48 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 6089dd85a..075c70f12 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -354,6 +354,7 @@ class DsInstance(service.Service):
self.__common_setup(True)
self.step("setting up initial replication", self.__setup_replica)
+ self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
self.step("updating schema", self.__update_schema)
# See LDIFs for automember configuration during replica install
self.step("setting Auto Member configuration", self.__add_replica_automember_config)
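Review bot: The `adding sasl mappings to the directory` step is registered only in the step list that follows `self.__common_setup(True)`, yet this commit removes the same step from two separate step lists in krbinstance.py. If one of those krbinstance paths serves a first-master install (inferred from its `adding kerberos container to the directory` step; the enclosing functions start outside the hunks), that install would no longer replace the directory's existing SASL mappings with the two Kerberos principal mappings, and GSSAPI binds would be resolved by whatever mappings are already present. Please confirm the non-replica DsInstance path also registers `self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)`. A one-line comment on why the step is placed after `__setup_replica` would also help.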
@@ -378,6 +379,56 @@ class DsInstance(service.Service):
r_bindpw=self.dm_password)
self.run_init_memberof = repl.needs_memberof_fixup()
+
+ def __configure_sasl_mappings(self):
+ # we need to remove any existing SASL mappings in the directory as otherwise they
+ # they may conflict.
+
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ try:
+ res = self.admin_conn.get_entries(
+ DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
+ self.admin_conn.SCOPE_ONELEVEL,
+ "(objectclass=nsSaslMapping)")
+ for r in res:
+ try:
+ self.admin_conn.delete_entry(r)
+ except Exception, e:
+ root_logger.critical(
+ "Error during SASL mapping removal: %s", e)
+ raise
+ except Exception, e:
+ root_logger.critical("Error while enumerating SASL mappings %s", e)
+ raise
+
+ entry = self.admin_conn.make_entry(
+ DN(
+ ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
+ ('cn', 'config')),
+ objectclass=["top", "nsSaslMapping"],
+ cn=["Full Principal"],
+ nsSaslMapRegexString=['\(.*\)@\(.*\)'],
+ nsSaslMapBaseDNTemplate=[self.suffix],
+ nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
+ nsSaslMapPriority=['10'],
+ )
+ self.admin_conn.add_entry(entry)
+
+ entry = self.admin_conn.make_entry(
+ DN(
+ ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
+ ('cn', 'config')),
+ objectclass=["top", "nsSaslMapping"],
+ cn=["Name Only"],
+ nsSaslMapRegexString=['^[^:@]+$'],
+ nsSaslMapBaseDNTemplate=[self.suffix],
+ nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
+ nsSaslMapPriority=['10'],
+ )
+ self.admin_conn.add_entry(entry)
+
def __update_schema(self):
# FIXME: https://fedorahosted.org/389/ticket/47490
self._ldap_mod("schema-update.ldif")
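Review bot: The moved `__configure_sasl_mappings` changes both handlers from `except Exception as e:` (the form used by the copy removed from krbinstance.py) to `except Exception, e:`, which only parses on Python 2. Because the delete loop sits inside the outer `try`, a failed `delete_entry` is also logged twice, the second time as an enumeration error. Separating the lookup from the deletion reports each failure once under the right message, which matters when diagnosing an install that stopped after mappings were deleted and before the new ones were added. While here, fix the comment's "they they" and write the pattern as the raw string `r'\(.*\)@\(.*\)'` so the backslashes are not read as string escapes. The method is complete in this hunk; `__update_schema` continues outside it.

```python
        if not self.admin_conn:
            self.ldap_connect()

        try:
            res = self.admin_conn.get_entries(
                DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
                self.admin_conn.SCOPE_ONELEVEL,
                "(objectclass=nsSaslMapping)")
        except Exception as e:
            root_logger.critical("Error while enumerating SASL mappings %s", e)
            raise

        for r in res:
            try:
                self.admin_conn.delete_entry(r)
            except Exception as e:
                root_logger.critical(
                    "Error during SASL mapping removal: %s", e)
                raise

        # … unchanged: creation of the "Full Principal" and "Name Only" mappings …
```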
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 9f5ddcd2c..5670cc264 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -150,7 +150,6 @@ class KrbInstance(service.Service):
self.__common_setup(realm_name, host_name, domain_name, admin_password)
- self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
self.step("adding kerberos container to the directory", self.__add_krb_container)
self.step("configuring KDC", self.__configure_instance)
self.step("initialize kerberos container", self.__init_ipa_kdb)
@@ -180,7 +179,6 @@ class KrbInstance(service.Service):
self.__common_setup(realm_name, host_name, domain_name, admin_password)
- self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings)
self.step("configuring KDC", self.__configure_instance)
self.step("creating a keytab for the directory", self.__create_ds_keytab)
self.step("creating a keytab for the machine", self.__create_host_keytab)
@@ -245,52 +243,6 @@ class KrbInstance(service.Service):
root_logger.debug("Persistent keyring CCACHE is not enabled")
self.sub_dict['OTHER_LIBDEFAULTS'] = ''
- def __configure_sasl_mappings(self):
- # we need to remove any existing SASL mappings in the directory as otherwise they
- # they may conflict.
-
- try:
- res = self.admin_conn.get_entries(
- DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')),
- self.admin_conn.SCOPE_ONELEVEL,
- "(objectclass=nsSaslMapping)")
- for r in res:
- try:
- self.admin_conn.delete_entry(r)
- except Exception as e:
- root_logger.critical(
- "Error during SASL mapping removal: %s", e)
- raise
- except Exception as e:
- root_logger.critical("Error while enumerating SASL mappings %s", e)
- raise
-
- entry = self.admin_conn.make_entry(
- DN(
- ('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'),
- ('cn', 'config')),
- objectclass=["top", "nsSaslMapping"],
- cn=["Full Principal"],
- nsSaslMapRegexString=['\(.*\)@\(.*\)'],
- nsSaslMapBaseDNTemplate=[self.suffix],
- nsSaslMapFilterTemplate=['(krbPrincipalName=\\1@\\2)'],
- nsSaslMapPriority=['10'],
- )
- self.admin_conn.add_entry(entry)
-
- entry = self.admin_conn.make_entry(
- DN(
- ('cn', 'Name Only'), ('cn', 'mapping'), ('cn', 'sasl'),
- ('cn', 'config')),
- objectclass=["top", "nsSaslMapping"],
- cn=["Name Only"],
- nsSaslMapRegexString=['^[^:@]+$'],
- nsSaslMapBaseDNTemplate=[self.suffix],
- nsSaslMapFilterTemplate=['(krbPrincipalName=&@%s)' % self.realm],
- nsSaslMapPriority=['10'],
- )
- self.admin_conn.add_entry(entry)
-
def __add_krb_container(self):
self._ldap_mod("kerberos.ldif", self.sub_dict)