summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-compat-manage60
-rwxr-xr-xinstall/tools/ipa-nis-manage94
2 files changed, 100 insertions, 54 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index b22ce77f9..3128ed718 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -22,18 +22,12 @@
import sys
try:
from optparse import OptionParser
- from ipapython import entity, ipautil, config
+ from ipapython import ipautil, config
from ipaserver.install import installutils
- from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
- from ipalib import errors
+ from ipalib import api, errors
import logging
- import re
- import krbV
- import platform
- import shlex
- import time
- import random
except ImportError:
print >> sys.stderr, """\
There was a problem importing one of the required Python modules. The
@@ -43,6 +37,8 @@ error was:
""" % sys.exc_value
sys.exit(1)
+netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config"
+
def parse_options():
usage = "%prog [options] <enable|disable>\n"
usage += "%prog [options]\n"
@@ -71,7 +67,7 @@ def get_dirman_password():
def main():
retval = 0
loglevel = logging.ERROR
- files=['/usr/share/ipa/schema_compat.uldif']
+ files = ['/usr/share/ipa/schema_compat.uldif']
options, args = parse_options()
if options.debug:
@@ -94,6 +90,9 @@ def main():
else:
dirman_password = get_dirman_password()
+ api.bootstrap(context='cli', debug=options.debug)
+ api.finalize()
+
conn = None
try:
ldapuri = 'ldap://%s' % installutils.get_fqdn()
@@ -102,42 +101,57 @@ def main():
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
- except errors.LDAPError, e:
+ except errors.LDAPError, lde:
print "An error occurred while connecting to the server."
- print e
+ print lde
return 1
if args[0] == "enable":
try:
- conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config')
+ conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
print "Plugin already Enabled"
retval = 2
except errors.NotFound:
print "Enabling plugin"
- except errors.LDAPError, e:
+ except errors.LDAPError, lde:
print "An error occurred while talking to the server."
- print e
+ print lde
retval = 1
if retval == 0:
ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
- retval = ld.update(files)
- if retval == 0:
+ rv = ld.update(files)
+ if rv:
print "This setting will not take effect until you restart Directory Server."
+ else:
+ print "Updating Directory Server failed."
+ retval = 1
elif args[0] == "disable":
- # Make a quick hack foir now, directly delete the entries by name,
+ # We can't disable schema compat if the NIS plugin is enabled
+ try:
+ conn.get_entry(netgroup_compat_dn, normalize=False)
+ print "The NIS plugin is configured, cannot disable compatibility."
+ print "Run 'ipa-nis-manage disable' first."
+ return 2
+ except errors.NotFound:
+ pass
+ # Make a quick hack for now, directly delete the entries by name,
# In future we should add delete capabilites to LDAPUpdate
try:
- conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config')
- conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config')
- conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config')
+ conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
+ conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
+ conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
- except errors.LDAPError, e:
+ except errors.DatabaseError, dbe:
+ print "An error occurred while talking to the server."
+ print lde
+ retval = 1
+ except errors.LDAPError, lde:
print "An error occurred while talking to the server."
- print e
+ print lde
retval = 1
else:
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 22cfd432e..706b0e630 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -22,11 +22,11 @@
import sys
try:
from optparse import OptionParser
- from ipapython import entity, ipautil, config
+ from ipapython import ipautil, config
from ipaserver.install import installutils
- from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+ from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax
from ipaserver.plugins.ldap2 import ldap2
- from ipalib import errors
+ from ipalib import api, errors
import logging
except ImportError:
print >> sys.stderr, """\
@@ -38,6 +38,7 @@ error was:
sys.exit(1)
nis_config_dn = "cn=NIS Server, cn=plugins, cn=config"
+compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
def parse_options():
usage = "%prog [options] <enable|disable>\n"
@@ -64,10 +65,14 @@ def get_dirman_password():
return password
-def get_nis_config(conn):
+def get_entry(dn, conn):
+ """
+ Return the entry for the given DN. If the entry is not found return
+ None.
+ """
entry = None
try:
- (dn, entry) = conn.get_entry(nis_config_dn)
+ (dn, entry) = conn.get_entry(dn, normalize=False)
except errors.NotFound:
pass
return entry
@@ -75,7 +80,7 @@ def get_nis_config(conn):
def main():
retval = 0
loglevel = logging.ERROR
- files=['/usr/share/ipa/nis.uldif']
+ files = ['/usr/share/ipa/nis.uldif']
servicemsg = ""
options, args = parse_options()
@@ -99,6 +104,9 @@ def main():
else:
dirman_password = get_dirman_password()
+ api.bootstrap(context='cli', debug=options.debug)
+ api.finalize()
+
conn = None
try:
ldapuri = 'ldap://%s' % installutils.get_fqdn()
@@ -107,62 +115,86 @@ def main():
conn.connect(
bind_dn='cn=directory manager', bind_pw=dirman_password
)
- except errors.LDAPError, e:
+ except errors.LDAPError, lde:
print "An error occurred while connecting to the server."
- print e
+ print lde
return 1
if args[0] == "enable":
+ compat = get_entry(compat_dn, conn)
+ if compat is None:
+ print "The compat plugin needs to be enabled: ipa-compat-manage enable"
+ return 1
entry = None
try:
- entry = get_nis_config(conn)
- except errors.LDAPError, e:
+ entry = get_entry(nis_config_dn, conn)
+ except errors.LDAPError, lde:
print "An error occurred while talking to the server."
- print e
+ print lde
retval = 1
# Enable either the portmap or rpcbind service
try:
ipautil.run(["/sbin/chkconfig", "portmap", "on"])
servicemsg = "portmap"
- except ipautil.CalledProcessError, e:
- if e.returncode == 1:
+ except ipautil.CalledProcessError, cpe:
+ if cpe.returncode == 1:
try:
ipautil.run(["/sbin/chkconfig", "rpcbind", "on"])
servicemsg = "rpcbind"
- except ipautil.CalledProcessError, e:
+ except ipautil.CalledProcessError, cpe:
print "Unable to enable either portmap or rpcbind"
retval = 3
- if entry is None:
+ # The cn=config entry for the plugin may already exist but it
+ # could be turned off, handle both cases.
+ if (entry is None or
+ entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off'):
+ # Already configured, just enable the plugin
print "Enabling plugin"
-
- if entry is None:
- # Load the plugin configuration
- ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
- retval = ld.update(files)
+ ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+ if ld.update(files) != True:
+ retval = 1
+ mod = {'nsslapd-pluginenabled': 'on'}
+ try:
+ conn.update_entry(nis_config_dn, mod, normalize=False)
+ except errors.EmptyModlist:
+ # plugin is already enabled, silently continue
+ pass
else:
- if entry.get('nsslapd-pluginenabled', '').lower() == 'off':
- # Already configured, just enable the plugin
- print "Enabling plugin"
- mod = {'nsslapd-pluginenabled': 'on'}
- conn.update_entry(nis_config_dn, mod)
- else:
- print "Plugin already Enabled"
- retval = 2
+ print "Plugin already Enabled"
+ retval = 2
elif args[0] == "disable":
try:
mod = {'nsslapd-pluginenabled': 'off'}
- conn.update_entry(nis_config_dn, mod)
+ conn.update_entry(nis_config_dn, mod, normalize=False)
except errors.NotFound:
print "Plugin is already disabled"
retval = 2
- except errors.LDAPError, e:
+ except errors.EmptyModlist:
+ print "Plugin is already disabled"
+ retval = 2
+ except errors.LDAPError, lde:
print "An error occurred while talking to the server."
- print e
+ print lde
retval = 1
+ # delete the netgroups compat area.
+ try:
+ conn.delete_entry('cn=ng,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
+ except errors.NotFound:
+ pass
+ except errors.DatabaseError, dbe:
+ print "An error occurred while talking to the server."
+ print lde
+ retval = 1
+ except errors.LDAPError, lde:
+ print "An error occurred while talking to the server."
+ print lde
+ retval = 1
+
+
else:
retval = 1