authorRob Crittenden <rcritten@redhat.com>2009-05-07 10:51:44 -0400
committerRob Crittenden <rcritten@redhat.com>2009-05-13 14:09:56 -0400
commitde88954b91f49387421f68a056a2e12cb6e94e7e (patch)
treeb08ac11d60882a2dbe1e2dc6bbc0933ae2bff5b0 /install
parenta2c99b0360b8cc327f1c11c6d3abadc415f80c43 (diff)
downloadfreeipa-de88954b91f49387421f68a056a2e12cb6e94e7e.tar.gz
freeipa-de88954b91f49387421f68a056a2e12cb6e94e7e.tar.xz
freeipa-de88954b91f49387421f68a056a2e12cb6e94e7e.zip
New tool to enable/disable DS plugin to act as NIS server
Diffstat (limited to 'install')
-rw-r--r--install/share/Makefile.am3
-rw-r--r--install/share/nis.uldif74
-rw-r--r--install/tools/Makefile.am1
-rwxr-xr-xinstall/tools/ipa-nis-manage186
-rw-r--r--install/tools/man/Makefile.am5
-rw-r--r--install/tools/man/ipa-nis-manage.145
6 files changed, 311 insertions, 3 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 3a2ef87d5..754da8ee2 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -30,8 +30,9 @@ app_DATA = \
dna-posix.ldif \
master-entry.ldif \
memberof-task.ldif \
+ nis.uldif \
unique-attributes.ldif \
- schema_compat.uldif \
+ schema_compat.uldif \
$(NULL)
EXTRA_DIST = \
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
new file mode 100644
index 000000000..78c5fa1ab
--- /dev/null
+++ b/install/share/nis.uldif
@@ -0,0 +1,74 @@
+dn: cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: nsSlapdPlugin
+default:objectclass: extensibleObject
+default:cn: NIS Server
+default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
+default:nsslapd-plugininitfunc: nis_plugin_init
+default:nsslapd-plugintype: object
+default:nsslapd-pluginenabled: on
+default:nsslapd-pluginid: nis-server
+default:nsslapd-pluginversion: 0.10
+default:nsslapd-pluginvendor: redhat.com
+default:nsslapd-plugindescription: NIS Server Plugin
+default:nis-tcp-wrappers-name: nis-server
+
+dn: nis-domain=$DOMAIN+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: passwd.byname
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: passwd.byuid
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: group.byname
+default:nis-base: cn=groups, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: group.bygid
+default:nis-base: cn=groups, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=group.upg, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: group.upg
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-filter: (objectclass=posixAccount)
+default:nis-key-format: %{uid}
+default:nis-value-format: %{uid}:*:%{gidNumber}:%{uid}
+default:nis-secure: no
+default:nis-disallowed-chars: :,
+
+dn: nis-domain=$DOMAIN+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: netid.byname
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: netgroup
+default:nis-base: cn=ng, cn=compat, cn=accounts, $SUFFIX
+default:nis-secure: no
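Review bot: Every map entry in this new file sets `nis-secure: no`, including `passwd.byname` and `passwd.byuid`, and nothing in the file records why or what limits access instead. As far as I know the NIS plugin uses this attribute to decide whether a map answers only clients connecting from privileged ports, so with `no` the account and group maps would be readable by any host that can reach the listener; this should be confirmed against the plugin documentation. The only access control visible here is `nis-tcp-wrappers-name: nis-server`, which depends on the administrator's hosts.allow/hosts.deny. If the update-file parser accepts `#` comment lines, I would add a leading comment such as `# Maps are served without authentication; restrict clients through the tcp_wrappers service "nis-server" or a firewall.` and consider `nis-secure: yes` for the passwd maps where the client base allows it.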
diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am
index 750ab6417..3af13dc15 100644
--- a/install/tools/Makefile.am
+++ b/install/tools/Makefile.am
@@ -12,6 +12,7 @@ sbin_SCRIPTS = \
ipa-server-certinstall \
ipactl \
ipa-compat-manage \
+ ipa-nis-manage \
ipa-fix-CVE-2008-3274 \
ipa-ldap-updater \
ipa-upgradeconfig \
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
new file mode 100755
index 000000000..0325ca0ad
--- /dev/null
+++ b/install/tools/ipa-nis-manage
@@ -0,0 +1,186 @@
+#!/usr/bin/env python
+# Authors: Rob Crittenden <rcritten@redhat.com>
+# Authors: Simo Sorce <ssorce@redhat.com>
+#
+# Copyright (C) 2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+try:
+ from optparse import OptionParser
+ from ipaserver import ipaldap
+ from ipapython import entity, ipautil, config
+ from ipaserver.install import installutils
+ from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipalib import errors
+ import ldap
+ import logging
+except ImportError:
+ print >> sys.stderr, """\
+There was a problem importing one of the required Python modules. The
+error was:
+
+ %s
+""" % sys.exc_value
+ sys.exit(1)
+
+nis_config_dn = "cn=NIS Server, cn=plugins, cn=config"
+
+def parse_options():
+ usage = "%prog [options] <enable|disable>\n"
+ usage += "%prog [options]\n"
+ parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
+
+ parser.add_option("-d", "--debug", action="store_true", dest="debug",
+ help="Display debugging information about the update(s)")
+ parser.add_option("-y", dest="password",
+ help="File containing the Directory Manager password")
+
+ config.add_standard_options(parser)
+ options, args = parser.parse_args()
+
+ config.init_config(options)
+
+ return options, args
+
+def get_dirman_password():
+ """Prompt the user for the Directory Manager password and verify its
+ correctness.
+ """
+ password = installutils.read_password("Directory Manager", confirm=False, validate=False)
+
+ return password
+
+def get_nis_config(conn):
+ entry = None
+ try:
+ entry = conn.getEntry(nis_config_dn, ldap.SCOPE_BASE, "(objectclass=*)")
+ except errors.NotFound:
+ pass
+ except ldap.LDAPError, e:
+ raise e
+
+ return entry
+
+def main():
+ retval = 0
+ loglevel = logging.NOTSET
+ files=['/usr/share/ipa/nis.uldif']
+
+ options, args = parse_options()
+ if options.debug:
+ loglevel = logging.DEBUG
+
+ if len(args) != 1:
+ print "You must specify one action, either enable or disable"
+ sys.exit(1)
+ elif args[0] != "enable" and args[0] != "disable":
+ print "Unrecognized action [" + args[0] + "]"
+ sys.exit(1)
+
+ logging.basicConfig(level=loglevel,
+ format='%(levelname)s %(message)s')
+
+ dirman_password = ""
+ if options.password:
+ pw = ipautil.template_file(options.password, [])
+ dirman_password = pw.strip()
+ else:
+ dirman_password = get_dirman_password()
+
+ try:
+ try:
+ conn = ipaldap.IPAdmin(installutils.get_fqdn())
+ conn.do_simple_bind(bindpw=dirman_password)
+ except ldap.LDAPError, e:
+ print "An error occurred while connecting to the server."
+ print "%s" % e[0]['desc']
+ return 1
+
+ if args[0] == "enable":
+ entry = None
+ try:
+ entry = get_nis_config(conn)
+ except ldap.LDAPError, e:
+ print "An error occurred while talking to the server."
+ print "%s" % e[0]['desc']
+ retval = 1
+
+ if entry is None:
+ print "Enabling plugin"
+
+ if entry is None:
+ # Load the plugin configuration
+ ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+ retval = ld.update(files)
+ else:
+ if entry.getValue('nsslapd-pluginenabled').lower() == "off":
+ # Already configured, just enable the plugin
+ print "Enabling plugin"
+ mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "on")]
+
+ conn.modify_s(nis_config_dn, mod)
+ else:
+ print "Plugin already Enabled"
+ retval = 2
+
+ elif args[0] == "disable":
+ try:
+ mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "off")]
+
+ conn.modify_s(nis_config_dn, mod)
+ except errors.NotFound:
+ print "Plugin is already disabled"
+ retval = 2
+ except ldap.LDAPError, e:
+ print "An error occurred while talking to the server."
+ print "%s" % e[0]['desc']
+ retval = 1
+
+ else:
+ retval = 1
+
+ if retval == 0:
+ print "This setting will not take effect until you restart Directory Server."
+
+ finally:
+ if conn:
+ conn.unbind()
+
+ return retval
+
+try:
+ if __name__ == "__main__":
+ sys.exit(main())
+except BadSyntax, e:
+ print "There is a syntax error in this update file:"
+ print " %s" % e
+ sys.exit(1)
+except RuntimeError, e:
+ print "%s" % e
+ sys.exit(1)
+except SystemExit, e:
+ sys.exit(e)
+except KeyboardInterrupt, e:
+ sys.exit(1)
+except config.IPAConfigError, e:
+ print "An IPA server to update cannot be found. Has one been configured yet?"
+ print "The error was: %s" % e
+ sys.exit(1)
+except ldap.LDAPError, e:
+ print "An error occurred while performing operations: %s" % e
+ sys.exit(1)
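Review bot: In the `enable` branch of main(), a failed lookup does not stop the run: the `except ldap.LDAPError` handler around `get_nis_config(conn)` only sets `retval = 1`, `entry` is still None, and the code goes on to print "Enabling plugin", call `ld.update(files)` and overwrite the error status with the update's result. Changing that handler's last line to `return 1` (the `finally` still unbinds) keeps the tool from writing to cn=config after an error it has just reported. Separately, `conn` is first assigned inside the inner `try`, so if `ipaldap.IPAdmin(...)` itself raises, the `finally: if conn:` check fails with UnboundLocalError instead of returning 1; adding `conn = None` before the outer `try:` fixes that. The docstring of get_dirman_password() says the password is verified, but the call passes `validate=False`, so it should say the function only prompts. The `-y` file holds the Directory Manager password, and its help text could say so more usefully, for example `help="File containing the Directory Manager password (should be readable only by root)"`.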
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index b2c3fa360..bcbea81ac 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -10,8 +10,9 @@ man1_MANS = \
ipa-replica-prepare.1 \
ipa-server-certinstall.1 \
ipa-server-install.1 \
- ipa-ldap-updater.1 \
- ipa-compat-manage.1
+ ipa-ldap-updater.1 \
+ ipa-compat-manage.1 \
+ ipa-nis-manage.1
man8_MANS = \
ipactl.8 \
diff --git a/install/tools/man/ipa-nis-manage.1 b/install/tools/man/ipa-nis-manage.1
new file mode 100644
index 000000000..ee8ed159e
--- /dev/null
+++ b/install/tools/man/ipa-nis-manage.1
@@ -0,0 +1,45 @@
+.\" A man page for ipa-nis-manage
+.\" Copyright (C) 2009 Red Hat, Inc.
+.\"
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\"
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+.\" General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\"
+.TH "ipa-nis-manage" "1" "May 6 2009" "freeipa" ""
+.SH "NAME"
+ipa\-nis\-manage \- Enables or disables the NIS listener plugin
+.SH "SYNOPSIS"
+ipa\-nis\-manage [options] <enable|disable>
+.SH "DESCRIPTION"
+Run the command with the \fBenable\fR option to enable the NIS plugin.
+
+Run the command with the \fBdisable\fR option to disable the compat plugin.
+
+In both cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used.
+
+Directory Server will need to be restarted after the NIS listener plugin has been enabled.
+
+.SH "OPTIONS"
+.TP
+\fB\-d\fR, \fB\-\-debug\fR
+Enable debug logging when more verbose output is needed
+.TP
+\fB\-y\fR \fIfile\fR
+File containing the Directory Manager password
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
+
+2 if the plugin is already in the required status (enabled or disabled)