Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 49289d483..a7d1b6474 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -1282,105 +1282,3 @@ class DsInstance(service.Service):
 # check for open secure port 636 from now on
 self.open_ports.append(636)
-
- def update_dna_shared_config(self, method="SASL/GSSAPI", protocol="LDAP"):
-
- dna_bind_method = "dnaRemoteBindMethod"
- dna_conn_protocol = "dnaRemoteConnProtocol"
- dna_plugin = DN(('cn', 'Distributed Numeric Assignment Plugin'),
- ('cn', 'plugins'),
- ('cn', 'config'))
- dna_config_base = DN(('cn', 'posix IDs'), dna_plugin)
-
- conn = self.admin_conn
-
- # Check the plugin is enabled else it is useless to update
- # the shared entry
- try:
- entry = conn.get_entry(dna_plugin)
- if entry.single_value.get('nsslapd-pluginenabled') == 'off':
- return
- except errors.NotFound:
- root_logger.error("Could not find DNA plugin entry: %s" %
- dna_config_base)
- return
-
- try:
- entry = conn.get_entry(dna_config_base)
- except errors.NotFound:
- root_logger.error("Could not find DNA config entry: %s" %
- dna_config_base)
- return
-
- sharedcfgdn = entry.single_value.get("dnaSharedCfgDN")
- if sharedcfgdn is not None:
- sharedcfgdn = DN(sharedcfgdn)
- else:
- root_logger.error(
- "Could not find DNA shared config DN in entry: %s" %
- dna_config_base)
- return
-
- #
- # Update the shared config entry related to that host
- #
- # If the shared config entry already exists (like upgrade)
- # the update occurs immediately without sleep.
- #
- # If the shared config entry does not exist (fresh install)
- # DS server waits for 30s after its startup to create it.
- # Startup likely occurred few sec before this function is
- # called so this loop will wait for 30s max.
- #
- # In case the server is not able to create the entry
- # The loop gives a grace period of 60s before logging
- # the failure to update the shared config entry and return
- #
- max_wait = 30
- for _i in range(0, max_wait + 1):
- try:
- entries = conn.get_entries(
- sharedcfgdn, scope=ldap.SCOPE_ONELEVEL,
- filter='dnaHostname=%s' % self.fqdn
- )
- break
- except errors.NotFound:
- root_logger.debug(
- "Unable to find DNA shared config entry for "
- "dnaHostname=%s (under %s) so far. Retry in 2 sec." %
- (self.fqdn, sharedcfgdn)
- )
- time.sleep(2)
- else:
- root_logger.error(
- "Could not get dnaHostname entries in {} seconds".format(
- max_wait * 2)
- )
- return
-
- # If there are several entries, all of them will be updated
- # just log a debug msg. This is likely the result of #5510
- if len(entries) != 1:
- root_logger.debug(
- "%d entries dnaHostname=%s under %s. One expected" %
- (len(entries), self.fqdn, sharedcfgdn)
- )
-
- # time to set the bind method and the protocol in the
- # shared config entries
- for entry in entries:
- mod = []
- if entry.single_value.get(dna_bind_method) != method:
- mod.append((ldap.MOD_REPLACE, dna_bind_method, method))
-
- if entry.single_value.get(dna_conn_protocol) != method:
- mod.append((ldap.MOD_REPLACE, dna_conn_protocol, protocol))
-
- if mod:
- try:
- conn.modify_s(entry.dn, mod)
- except Exception as e:
- root_logger.error(
- "Failed to set SASL/GSSAPI bind method/protocol "
- "in entry {}: {}".format(entry, e)
- ) |