summaryrefslogtreecommitdiffstats
path: root/ipaserver/plugins
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2013-03-13 14:47:03 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-25 10:58:23 +0100
commit2f0c7d6e233f3f9ed5559bf760f274c33c42be3d (patch)
tree0fee1a6e2f073188e079d50cc657bb4707005471 /ipaserver/plugins
parenta7ccc198a731d0e48319a73bcb2dd98c34de262a (diff)
downloadfreeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.tar.gz
freeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.tar.xz
freeipa-2f0c7d6e233f3f9ed5559bf760f274c33c42be3d.zip
Add logging to join command
The following is mentioned in the log now: - existence of host entry (if it already does exist) - missing krbprincipalname and its new value (if there was no principal name set) https://fedorahosted.org/freeipa/ticket/3481
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r--ipaserver/plugins/join.py26
1 files changed, 20 insertions, 6 deletions
diff --git a/ipaserver/plugins/join.py b/ipaserver/plugins/join.py
index 6ea02b2e1..3b668053c 100644
--- a/ipaserver/plugins/join.py
+++ b/ipaserver/plugins/join.py
@@ -23,12 +23,13 @@ Joining an IPA domain
import krbV
-from ipalib import api, util
+from ipalib import api
from ipalib import Command, Str
from ipalib import errors
from ipalib import _
from ipaserver.install import installutils
+
def get_realm():
"""
Returns the default kerberos realm configured for this server.
@@ -37,6 +38,7 @@ def get_realm():
return unicode(krbctx.default_realm)
+
def validate_host(ugettext, cn):
"""
Require at least one dot in the hostname (to support localhost.localdomain)
@@ -46,6 +48,7 @@ def validate_host(ugettext, cn):
return 'Fully-qualified hostname required'
return None
+
class join(Command):
"""Join an IPA domain"""
@@ -59,7 +62,8 @@ class join(Command):
#normalizer=lamda value: value.lower(),
),
)
- takes_options= (
+
+ takes_options = (
Str('realm',
doc=_("The IPA realm"),
default_from=lambda: get_realm(),
@@ -90,33 +94,43 @@ class join(Command):
assert 'cn' not in kw
ldap = self.api.Backend.ldap2
- host = None
try:
# First see if the host exists
kw = {'fqdn': hostname, 'all': True}
attrs_list = api.Command['host_show'](**kw)['result']
dn = attrs_list['dn']
+ # No error raised so far means that host entry exists
+ self.log.info('Host entry for %s already exists, '
+ 'joining may fail on the client side '
+ 'if not forced', hostname)
+
# If no principal name is set yet we need to try to add
# one.
if 'krbprincipalname' not in attrs_list:
service = "host/%s@%s" % (hostname, api.env.realm)
api.Command['host_mod'](hostname, krbprincipalname=service)
+ self.log.info('No principal set, setting to %s', service)
# It exists, can we write the password attributes?
allowed = ldap.can_write(dn, 'krblastpwdchange')
if not allowed:
- raise errors.ACIError(info=_("Insufficient 'write' privilege to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
+ raise errors.ACIError(info=_("Insufficient 'write' privilege "
+ "to the 'krbLastPwdChange' attribute of entry '%s'.") % dn)
+ # Reload the attrs_list and dn so that we return update values
kw = {'fqdn': hostname, 'all': True}
attrs_list = api.Command['host_show'](**kw)['result']
dn = attrs_list['dn']
+
except errors.NotFound:
- attrs_list = api.Command['host_add'](hostname, force=True)['result']
+ attrs_list = api.Command['host_add'](hostname,
+ force=True)['result']
dn = attrs_list['dn']
config = api.Command['config_show']()['result']
- attrs_list['ipacertificatesubjectbase'] = config['ipacertificatesubjectbase']
+ attrs_list['ipacertificatesubjectbase'] =\
+ config['ipacertificatesubjectbase']
return (dn, attrs_list)