author | Ludwig Krispenz <lkrispen@redhat.com> | 2015-05-20 17:12:04 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-05-26 10:43:50 +0200 |
commit | 4bcc2546d59041f0d09960d6f9d44ca68bd424e1 (patch) | |
tree | 4827c2d4654eddd56788a94ed11150d31a3e6709 /ipaserver | |
parent | 25bf0c6e78dca62e7fa11cd654ed0d8675408176 (diff) | |
install part - manage topology in shared tree
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dsinstance.py | 9 | ||||
-rw-r--r-- | ipaserver/install/plugins/fix_replica_agreements.py | 3 | ||||
-rw-r--r-- | ipaserver/install/replication.py | 16 |
3 files changed, 27 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f1d24e49d..09139405d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -60,6 +60,7 @@ IPA_SCHEMA_FILES = ("60kerberos.ldif",
 "65ipacertstore.ldif",
 "65ipasudo.ldif",
 "70ipaotp.ldif",
+ "70topology.ldif",
 "71idviews.ldif",
 "15rfc2307bis.ldif",
 "15rfc4876.ldif")
@@ -238,6 +239,7 @@ class DsInstance(service.Service):
 self.step("configuring DNS plugin", self.__config_dns_module)
 self.step("enabling entryUSN plugin", self.__enable_entryusn)
 self.step("configuring lockout plugin", self.__config_lockout_module)
+ self.step("configuring topology plugin", self.__config_topology_module)
 self.step("creating indices", self.__create_indices)
 self.step("enabling referential integrity plugin", self.__add_referint_module)
 if enable_ssl:
@@ -300,6 +302,7 @@ class DsInstance(service.Service):
 self.step("adding range check plugin", self.__add_range_check_plugin)
 if hbac_allow:
 self.step("creating default HBAC rule allow_all", self.add_hbac)
+ self.step("adding entries for topology management", self.__add_topology_entries)
 self.__common_post_setup()
@@ -526,6 +529,9 @@ class DsInstance(service.Service):
 def __add_master_entry(self):
 self._ldap_mod("master-entry.ldif", self.sub_dict)
+ def __add_topology_entries(self):
+ self._ldap_mod("topology-entries.ldif", self.sub_dict)
+
 def __add_winsync_module(self):
 self._ldap_mod("ipa-winsync-conf.ldif")
@@ -554,6 +560,9 @@ class DsInstance(service.Service):
 def __config_lockout_module(self):
 self._ldap_mod("lockout-conf.ldif")
+ def __config_topology_module(self):
+ self._ldap_mod("ipa-topology-conf.ldif", self.sub_dict)
+
 def __repoint_managed_entries(self):
 self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
diff --git a/ipaserver/install/plugins/fix_replica_agreements.py b/ipaserver/install/plugins/fix_replica_agreements.py
index a2aa4bce4..1381c7cce 100644
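Review bot: The new `__add_topology_entries` (hunk `@@ -526`) and `__config_topology_module` (hunk `@@ -554`) in dsinstance.py carry no docstring, and the LDIF templates they apply are outside this 'ipaserver'-limited diff, so a reader cannot tell what each one writes. A one-line docstring on each would do, for example `"""Apply topology-entries.ldif (entries for topology management), templated with sub_dict."""` and `"""Apply ipa-topology-conf.ldif to configure the topology plugin, templated with sub_dict."""`. Both wordings are taken from the step labels added in the `@@ -238` and `@@ -300` hunks.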
--- a/ipaserver/install/plugins/fix_replica_agreements.py
+++ b/ipaserver/install/plugins/fix_replica_agreements.py
@@ -49,7 +49,8 @@ class update_replica_attribute_lists(Updater):
 self.log.debug("Found %d agreement(s)", len(ipa_replicas))
 for replica in ipa_replicas:
- self.log.debug(replica.single_value.get('description'))
+ for desc in replica.get('description', []):
+ self.log.debug(desc)
 self._update_attr(repl, replica,
 'nsDS5ReplicatedAttributeList',
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 8ac024308..643639ef4 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -416,6 +416,7 @@ class ReplicationManager(object):
 assert isinstance(replica_binddn, DN)
 dn = self.replica_dn()
 assert isinstance(dn, DN)
+ replica_groupdn = DN(('cn', 'replication managers'), ('cn', 'etc'), self.suffix)
 try:
 entry = conn.get_entry(dn)
@@ -443,6 +444,8 @@ class ReplicationManager(object):
 nsds5replicatype=[replica_type],
 nsds5flags=["1"],
 nsds5replicabinddn=[replica_binddn],
+ nsds5replicabinddngroup=[replica_groupdn],
+ nsds5replicabinddngroupcheckinterval=["60"],
 nsds5replicalegacyconsumer=["off"],
 )
 conn.add_entry(entry)
@@ -756,6 +759,7 @@ class ReplicationManager(object):
 """
 rep_dn = self.replica_dn()
+ group_dn = DN(('cn', 'replication managers'), ('cn', 'etc'), self.suffix)
 assert isinstance(rep_dn, DN)
 (a_dn, b_dn) = self.get_replica_principal_dns(a, b, retries=100)
 assert isinstance(a_dn, DN)
@@ -772,6 +776,18 @@ class ReplicationManager(object):
 b.modify_s(rep_dn, mod)
 except ldap.TYPE_OR_VALUE_EXISTS:
 pass
+ # Add kerberos principal DNs as valid bindDNs to bindDN group
+ try:
+ mod = [(ldap.MOD_ADD, "member", b_dn)]
+ a.modify_s(group_dn, mod)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+ try:
+ mod = [(ldap.MOD_ADD, "member", a_dn)]
+ b.modify_s(group_dn, mod)
+ except ldap.TYPE_OR_VALUE_EXISTS:
+ pass
+
 def gssapi_update_agreements(self, a, b): |
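Review bot: In fix_replica_agreements.py the new `self.log.debug(desc)` uses the attribute value itself as the log message, so the debug log shows bare strings with nothing to say they are agreement descriptions. A constant format string reads better and keeps directory-supplied text out of the message-template position: `self.log.debug("Replication agreement description: %s", desc)`. The enclosing loop body continues outside the hunk.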
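Review bot: The DN `DN(('cn', 'replication managers'), ('cn', 'etc'), self.suffix)` is built in the `@@ -416` hunk of replication.py as `replica_groupdn` and again in the `@@ -756` hunk as `group_dn`, under two different local names. Two literals for one security-relevant group can drift apart. A single accessor next to `replica_dn()` would avoid that, e.g. `def replication_managers_dn(self): return DN(('cn', 'replication managers'), ('cn', 'etc'), self.suffix)`, used in both places. In the `@@ -756` hunk the new assignment also separates `rep_dn = self.replica_dn()` from its `assert isinstance(rep_dn, DN)` and would sit better after it. Both enclosing methods extend outside their hunks.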
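Review bot: In the `@@ -443` hunk, `nsds5replicabinddngroup` and its check interval are set only on the entry handed to `conn.add_entry(entry)`. The `@@ -416` hunk shows a `conn.get_entry(dn)` lookup before that, and if an existing replica entry takes a different path (not visible here), replicas configured before this change would never receive the group setting; that upgrade case should be confirmed. Every member of `cn=replication managers,cn=etc,<suffix>` now becomes an accepted replication bind identity, so write access to that group's `member` attribute should be restricted as tightly as the replica configuration itself; the ACIs are not part of this diff. The literal `"60"` deserves a comment such as `# seconds between re-reads of the bind DN group; membership changes, including removals, presumably take up to this long to apply`.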
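Review bot: Only `ldap.TYPE_OR_VALUE_EXISTS` is handled around the two new `modify_s(group_dn, ...)` calls in the `@@ -772` hunk, so a peer on which the replication managers group entry is absent would presumably raise `ldap.NO_SUCH_OBJECT` and abort the setup with no hint of the cause; whether such a peer can occur is not verifiable from this diff. Membership in this group grants replication bind rights, and nothing in this diff removes the `member` values again, so the agreement-removal path should be checked for the matching cleanup. The two near-identical try blocks can also be folded into one loop, as below. The enclosing method starts above the hunk.

```python
        # Add kerberos principal DNs as valid bindDNs to bindDN group
        for conn, member_dn in ((a, b_dn), (b, a_dn)):
            try:
                conn.modify_s(group_dn, [(ldap.MOD_ADD, "member", member_dn)])
            except ldap.TYPE_OR_VALUE_EXISTS:
                pass  # principal is already a member of the group
```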