author | Tomas Babej <tbabej@redhat.com> | 2014-09-30 08:49:54 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:42:06 +0200 |
commit | 2a230b6cc16037fbf56d79bfde2fb4d1ab386ef6 (patch) | |
tree | 46ba855898f72a0899168ff5335bf41054fba56d /ipaserver | |
parent | 51816930a662e0312589cca2981e8ae4d32da779 (diff) | |
idviews: Create Default Trust View for upgraded servers
For upgraded servers with enabled AD trust support, we want to
ensure that Default Trust View entry is created.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/plugins/adtrust.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/adtrust.py b/ipaserver/install/plugins/adtrust.py
index d567aea8e..e5082fe04 100644
--- a/ipaserver/install/plugins/adtrust.py
+++ b/ipaserver/install/plugins/adtrust.py
@@ -117,4 +117,52 @@ class update_default_range(PostUpdate):
 return (False, True, [updates])
+
+class update_default_trust_view(PostUpdate):
+ """
+ Create Default Trust View for upgraded servers.
+ """
+ order = MIDDLE
+
+ def execute(self, **options):
+ ldap = self.obj.backend
+
+ default_trust_view_dn = DN(('cn', 'Default Trust View'),
+ api.env.container_views,
+ api.env.basedn)
+
+ default_trust_view_entry = [
+ 'objectclass: top',
+ 'objectclass: ipaIDView'
+ 'cn: Default Trust View',
+ 'description: Default Trust View for AD users. '
+ 'Should not be deleted.'
+ ]
+
+ # First, see if trusts are enabled on the server
+ if not self.api.Command.adtrust_is_enabled()['result']:
+ self.log.info('AD Trusts are not enabled on this server')
+ return (False, False, [])
+
+ # Second, make sure the Default Trust View does not exist yet
+ try:
+ ldap.get_entry(default_trust_view_dn)
+ except errors.NotFound:
+ pass
+ else:
+ self.log.info('Default Trust View already present on this server')
+ return (False, False, [])
+
+ # We have a server with AD trust support without Default Trust View.
+ # Create the Default Trust View entry.
+
+ updates = {}
+ updates[default_trust_view_dn] = {
+ 'dn': default_trust_view_dn,
+ 'default': default_trust_view_entry
+ }
+
+ return (False, True, [updates])
+
 api.register(update_default_range)
+api.register(update_default_trust_view) |
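Review bot: In `default_trust_view_entry` the element `'objectclass: ipaIDView'` has no trailing comma, so Python's implicit string concatenation joins it with the next line into the single value `'objectclass: ipaIDViewcn: Default Trust View'`. The list therefore carries neither a valid `ipaIDView` objectclass nor a `cn` line, and the update will presumably fail or create a malformed entry on upgraded servers, which is the opposite of what the commit intends. The line should read `'objectclass: ipaIDView',`. The `description` pair just below is also joined implicitly, but there it looks deliberate (the first literal ends in a space); a short comment such as `# two literals joined on purpose` would stop the next reader from "fixing" the wrong line.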