author | Martin Babinsky <mbabinsk@redhat.com> | 2016-01-14 17:15:31 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-02-01 15:14:13 +0100 |
commit | 23f5edb4be08b359c6acd8a18a5e23c3dd784136 (patch) | |
tree | 8808d943322deab0d3f84ebd9a36b306efa80263 /ipaserver | |
parent | 465ce82a4d098c4c419913f30a1a028afc7ae445 (diff) | |
download | freeipa-23f5edb4be08b359c6acd8a18a5e23c3dd784136.tar.gz freeipa-23f5edb4be08b359c6acd8a18a5e23c3dd784136.tar.xz freeipa-23f5edb4be08b359c6acd8a18a5e23c3dd784136.zip |
reset ldap.conf to point to newly installer replica after promotion
When promoting a client to replica reset openldap client config so that it no
longer uses remote master as default LDAP hosts but uses local connection to
replica. Also make sure that the behavior regarding editing of user-customized
config is consistent with the client installer.
https://fedorahosted.org/freeipa/ticket/5488
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index d110a1977..3a3bbc092 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -448,6 +448,49 @@ def promote_sssd(host_name):
 root_logger.warning("SSSD service restart was unsuccessful.")
+def promote_openldap_conf(hostname, master):
+ """
+ Reset the URI directive in openldap-client configuration file to point to
+ newly promoted replica. If this directive was set by third party, then
+ replace the added comment with the one pointing to replica
+
+ :param hostname: replica FQDN
+ :param master: FQDN of remote master
+ """
+
+ ldap_conf = paths.OPENLDAP_LDAP_CONF
+
+ ldap_change_conf = ipaclient.ipachangeconf.IPAChangeConf(
+ "IPA replica installer")
+ ldap_change_conf.setOptionAssignment((" ", "\t"))
+
+ new_opts = []
+
+ with open(ldap_conf, 'r') as f:
+ old_opts = ldap_change_conf.parse(f)
+
+ for opt in old_opts:
+ if opt['type'] == 'comment' and master in opt['value']:
+ continue
+ elif (opt['type'] == 'option' and opt['name'] == 'URI' and
+ master in opt['value']):
+ continue
+ new_opts.append(opt)
+
+ change_opts = [
+ {'action': 'addifnotset',
+ 'name': 'URI',
+ 'type': 'option',
+ 'value': 'ldaps://' + hostname}
+ ]
+
+ try:
+ ldap_change_conf.newConf(ldap_conf, new_opts)
+ ldap_change_conf.changeConf(ldap_conf, change_opts)
+ except Exception as e:
+ root_logger.info("Failed to update {}: {}".format(ldap_conf, e))
+
+
 @common_cleanup
 def install_check(installer):
 options = installer
@@ -1417,6 +1460,7 @@ def promote(installer):
 custodia.import_dm_password(config.master_host_name)
 promote_sssd(config.host_name)
+ promote_openldap_conf(config.host_name, config.master_host_name)
 # Switch API so that it uses the new servr configuration
 server_api = create_api(mode=None) |
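Review bot: In `promote_openldap_conf`, the `except Exception` around `newConf`/`changeConf` logs only at info level and lets promotion continue, so a failed rewrite of ldap.conf is easy to miss. If `newConf` succeeds and `changeConf` then raises, the file is presumably left with the master's `URI` removed and no replacement written. The neighbouring `promote_sssd` reports its failure with `root_logger.warning`, and this handler should match: `root_logger.warning("Failed to update {}: {}".format(ldap_conf, e))`. The `open()`/`parse()` step sits outside the `try`, so an unreadable file aborts promotion while a write failure is swallowed; the two paths should behave the same way. Separately, `master in opt['value']` is a substring test, so it also drops a comment or a multi-server `URI` line that merely contains the master's FQDN; comparing against the host part of each URI would be stricter.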