diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-03-13 14:47:03 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-25 10:58:23 +0100 |
commit | 2f0c7d6e233f3f9ed5559bf760f274c33c42be3d (patch) | |
tree | 0fee1a6e2f073188e079d50cc657bb4707005471 /ipaserver/plugins | |
parent | a7ccc198a731d0e48319a73bcb2dd98c34de262a (diff) | |
download | freeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.tar.gz freeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.tar.xz freeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.zip |
Add logging to join command
The following is mentioned in the log now:
- existence of host entry (if it already does exist)
- missing krbprincipalname and its new value (if there was no
principal name set)
https://fedorahosted.org/freeipa/ticket/3481
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/join.py | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/ipaserver/plugins/join.py b/ipaserver/plugins/join.py index 6ea02b2e1..3b668053c 100644 --- a/ipaserver/plugins/join.py +++ b/ipaserver/plugins/join.py @@ -23,12 +23,13 @@ Joining an IPA domain import krbV -from ipalib import api, util +from ipalib import api from ipalib import Command, Str from ipalib import errors from ipalib import _ from ipaserver.install import installutils + def get_realm(): """ Returns the default kerberos realm configured for this server. @@ -37,6 +38,7 @@ def get_realm(): return unicode(krbctx.default_realm) + def validate_host(ugettext, cn): """ Require at least one dot in the hostname (to support localhost.localdomain) @@ -46,6 +48,7 @@ def validate_host(ugettext, cn): return 'Fully-qualified hostname required' return None + class join(Command): """Join an IPA domain""" @@ -59,7 +62,8 @@ class join(Command): #normalizer=lamda value: value.lower(), ), ) - takes_options= ( + + takes_options = ( Str('realm', doc=_("The IPA realm"), default_from=lambda: get_realm(), @@ -90,33 +94,43 @@ class join(Command): assert 'cn' not in kw ldap = self.api.Backend.ldap2 - host = None try: # First see if the host exists kw = {'fqdn': hostname, 'all': True} attrs_list = api.Command['host_show'](**kw)['result'] dn = attrs_list['dn'] + # No error raised so far means that host entry exists + self.log.info('Host entry for %s already exists, ' + 'joining may fail on the client side ' + 'if not forced', hostname) + # If no principal name is set yet we need to try to add # one. if 'krbprincipalname' not in attrs_list: service = "host/%s@%s" % (hostname, api.env.realm) api.Command['host_mod'](hostname, krbprincipalname=service) + self.log.info('No principal set, setting to %s', service) # It exists, can we write the password attributes? allowed = ldap.can_write(dn, 'krblastpwdchange') if not allowed: - raise errors.ACIError(info=_("Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry '%s'.") % dn) + raise errors.ACIError(info=_("Insufficient 'write' privilege " + "to the 'krbLastPwdChange' attribute of entry '%s'.") % dn) + # Reload the attrs_list and dn so that we return update values kw = {'fqdn': hostname, 'all': True} attrs_list = api.Command['host_show'](**kw)['result'] dn = attrs_list['dn'] + except errors.NotFound: - attrs_list = api.Command['host_add'](hostname, force=True)['result'] + attrs_list = api.Command['host_add'](hostname, + force=True)['result'] dn = attrs_list['dn'] config = api.Command['config_show']()['result'] - attrs_list['ipacertificatesubjectbase'] = config['ipacertificatesubjectbase'] + attrs_list['ipacertificatesubjectbase'] =\ + config['ipacertificatesubjectbase'] return (dn, attrs_list) |