diff options
author | Tomas Babej <tbabej@redhat.com> | 2014-09-22 12:19:26 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-09-30 10:42:06 +0200 |
commit | b9425751b421484c97375df956ccda3cb9dc0e70 (patch) | |
tree | 13d088a4eedaf374031096601267c05e95b7b5d5 /ipaserver | |
parent | 2131187ea9e05a739553df7cfc87a688df569d8c (diff) | |
download | freeipa-b9425751b421484c97375df956ccda3cb9dc0e70.tar.gz freeipa-b9425751b421484c97375df956ccda3cb9dc0e70.tar.xz freeipa-b9425751b421484c97375df956ccda3cb9dc0e70.zip |
idviews: Add Default Trust View as part of adtrustinstall
Add a Default Trust View, which is used by SSSD as default mapping for AD users.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/adtrustinstance.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 4ba14d4a4..b4d644fdb 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -237,6 +237,27 @@ class ADTRUSTInstance(service.Service): except: self.print_msg("Failed to modify IPA admin group object") + def __add_default_trust_view(self): + default_view_dn = DN(('cn', 'Default Trust View'), + api.env.container_views, self.suffix) + + try: + self.admin_conn.get_entry(default_view_dn) + except errors.NotFound: + try: + self._ldap_mod('default-trust-view.ldif', self.sub_dict) + except Exception, e: + self.print_msg("Failed to add default trust view.") + raise e + else: + self.print_msg("Default Trust View already exists.") + + # _ldap_mod does not return useful error codes, so we must check again + # if the default trust view was created properly. + try: + self.admin_conn.get_entry(default_view_dn) + except errors.NotFound: + self.print_msg("Failed to add Default Trust View.") def __add_fallback_group(self): """ @@ -847,6 +868,7 @@ class ADTRUSTInstance(service.Service): self.step("restarting Directory Server to take MS PAC and LDAP plugins changes into account", \ self.__restart_dirsrv) self.step("adding fallback group", self.__add_fallback_group) + self.step("adding Default Trust View", self.__add_default_trust_view) self.step("setting SELinux booleans", \ self.__configure_selinux_for_smbd) self.step("starting CIFS services", self.__start) |