From 13c4631813b7e8ac4afc8d5f350ef136c7107d89 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Tue, 17 Mar 2015 16:11:48 +0100
Subject: Server Upgrade: use only LDAPI connection

Use only ldapi connection to execute upgrade

https://fedorahosted.org/freeipa/ticket/4904

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 install/tools/man/ipa-ldap-updater.1  |  9 ---------
 ipaserver/install/ipa_ldap_updater.py | 33 ++-------------------------------
 ipaserver/install/ldapupdate.py       |  2 +-
 3 files changed, 3 insertions(+), 41 deletions(-)

diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1
index 5ab77e047..83da26d5d 100644
--- a/install/tools/man/ipa-ldap-updater.1
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -81,21 +81,12 @@ Schema files should be in LDIF format, and may only specify attributeTypes and o
 \fB\-d\fR, \fB\-\-debug\fR
 Enable debug logging when more verbose output is needed
 .TP
-\fB\-y\fR
-File containing the Directory Manager password
-.TP
-\fB\-l\fR, \fB\-\-ldapi\fR
-Connect to the LDAP server using the ldapi socket
-.TP
 \fB\-p\fR, \fB\-\-plugins\fR
 Execute update plugins as well as any update files. There is no way to execute only the plugins.
 .TP
 \fB\-u\fR, \fB\-\-upgrade\fR
 Upgrade an installed server in offline mode (implies \-\-ldapi, \-\-plugins, and \-\-schema)
 .TP
-\fB\-W\fR, \fB\-\-password\fR
-Prompt for the Directory Manager password
-.TP
 \fB\-s\fR, \fB\-\-schema\fR
 Also update the LDAP schema. If no \-\-schema-file is specified, update to the built-in IPA schema.
 .TP
diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py
index 3d6c80437..95688c591 100644
--- a/ipaserver/install/ipa_ldap_updater.py
+++ b/ipaserver/install/ipa_ldap_updater.py
@@ -45,12 +45,6 @@ class LDAPUpdater(admintool.AdminTool):
     @classmethod
     def add_options(cls, parser):
         super(LDAPUpdater, cls).add_options(parser, debug_option=True)
-
-        parser.add_option("-y", dest="password",
-            help="file containing the Directory Manager password")
-        parser.add_option("-l", '--ldapi', action="store_true", dest="ldapi",
-            default=False,
-            help="connect to the LDAP server using the ldapi socket")
         parser.add_option("-u", '--upgrade', action="store_true",
             dest="upgrade", default=False,
             help="upgrade an installed server in offline mode")
@@ -65,9 +59,6 @@ class LDAPUpdater(admintool.AdminTool):
         parser.add_option("-S", '--schema-file', action="append",
             dest="schema_files",
             help="custom schema ldif file to use (implies -s)")
-        parser.add_option("-W", '--password', action="store_true",
-            dest="ask_password",
-            help="prompt for the Directory Manager password")
 
     @classmethod
     def get_command_class(cls, options, args):
@@ -96,12 +87,6 @@ class LDAPUpdater(admintool.AdminTool):
             print "IPA is not configured on this system."
             sys.exit(1)
 
-        if options.password:
-            pw = ipautil.template_file(options.password, [])
-            self.dirman_password = pw.strip()
-        else:
-            self.dirman_password = None
-
         if options.schema_files or not self.files:
             options.update_schema = True
         if not options.schema_files:
@@ -171,18 +156,6 @@ class LDAPUpdater_NonUpgrade(LDAPUpdater):
                 # Can't log to the default file as non-root
                 self.log_file_name = None
 
-    def ask_for_options(self):
-        super(LDAPUpdater_NonUpgrade, self).ask_for_options()
-        options = self.options
-        if not self.dirman_password:
-            if options.ask_password or not options.ldapi:
-                password = installutils.read_password("Directory Manager",
-                    confirm=False, validate=False)
-                if password is None:
-                    raise admintool.ScriptError(
-                        "Directory Manager password required")
-                self.dirman_password = password
-
     def run(self):
         super(LDAPUpdater_NonUpgrade, self).run()
         options = self.options
@@ -192,13 +165,11 @@ class LDAPUpdater_NonUpgrade(LDAPUpdater):
         if options.update_schema:
             modified = schemaupdate.update_schema(
                 options.schema_files,
-                dm_password=self.dirman_password,
-                ldapi=options.ldapi) or modified
+                ldapi=True) or modified
 
         ld = LDAPUpdate(
-            dm_password=self.dirman_password,
             sub_dict={},
-            ldapi=options.ldapi,
+            ldapi=True,
             plugins=options.plugins or self.run_plugins)
 
         if not self.files:
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
index 199b23ba8..077de3bd6 100644
--- a/ipaserver/install/ldapupdate.py
+++ b/ipaserver/install/ldapupdate.py
@@ -112,7 +112,7 @@ def safe_output(attr, values):
 class LDAPUpdate:
     action_keywords = ["default", "add", "remove", "only", "onlyifexist", "deleteentry", "replace", "addifnew", "addifexist"]
 
-    def __init__(self, dm_password, sub_dict={},
+    def __init__(self, dm_password=None, sub_dict={},
                  online=True, ldapi=False, plugins=False):
         '''
         :parameters:
-- 
cgit