diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-07-14 13:56:46 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-07-15 11:18:11 -0400 |
commit | ed488c63496b3a99169c3f84282bf943c6b36b5a (patch) | |
tree | 7a4a51346a9013823ea752cb1b3130cc00496c6a /install/tools/ipa-compat-manage | |
parent | 18476c95384ef242923398bbf1985a002dcc87b6 (diff) | |
download | freeipa-ed488c63496b3a99169c3f84282bf943c6b36b5a.tar.gz freeipa-ed488c63496b3a99169c3f84282bf943c6b36b5a.tar.xz freeipa-ed488c63496b3a99169c3f84282bf943c6b36b5a.zip |
Fix ipa-compat-manage and ipa-nis-manage
Neither of these was working properly, I assume due to changes in the ldap
backend. The normalizer now appends the basedn if it isn't included and
this was causing havoc with these utilities.
After fixing the basics I found a few corner cases that I also addressed:
- you can't/shouldn't disable compat if the nis plugin is enabled
- we always want to load the nis LDAP update so we get the netgroup config
- LDAPupdate.update() returns True/False, not an integer
I took some time and fixed up some things pylint complained about too.
Ticket #83
Diffstat (limited to 'install/tools/ipa-compat-manage')
-rwxr-xr-x | install/tools/ipa-compat-manage | 60 |
1 files changed, 37 insertions, 23 deletions
diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index b22ce77f9..3128ed718 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -22,18 +22,12 @@ import sys try: from optparse import OptionParser - from ipapython import entity, ipautil, config + from ipapython import ipautil, config from ipaserver.install import installutils - from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR + from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax from ipaserver.plugins.ldap2 import ldap2 - from ipalib import errors + from ipalib import api, errors import logging - import re - import krbV - import platform - import shlex - import time - import random except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -43,6 +37,8 @@ error was: """ % sys.exc_value sys.exit(1) +netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config" + def parse_options(): usage = "%prog [options] <enable|disable>\n" usage += "%prog [options]\n" @@ -71,7 +67,7 @@ def get_dirman_password(): def main(): retval = 0 loglevel = logging.ERROR - files=['/usr/share/ipa/schema_compat.uldif'] + files = ['/usr/share/ipa/schema_compat.uldif'] options, args = parse_options() if options.debug: @@ -94,6 +90,9 @@ def main(): else: dirman_password = get_dirman_password() + api.bootstrap(context='cli', debug=options.debug) + api.finalize() + conn = None try: ldapuri = 'ldap://%s' % installutils.get_fqdn() @@ -102,42 +101,57 @@ def main(): conn.connect( bind_dn='cn=directory manager', bind_pw=dirman_password ) - except errors.LDAPError, e: + except errors.LDAPError, lde: print "An error occurred while connecting to the server." - print e + print lde return 1 if args[0] == "enable": try: - conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config') + conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) print "Plugin already Enabled" retval = 2 except errors.NotFound: print "Enabling plugin" - except errors.LDAPError, e: + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 if retval == 0: ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}) - retval = ld.update(files) - if retval == 0: + rv = ld.update(files) + if rv: print "This setting will not take effect until you restart Directory Server." + else: + print "Updating Directory Server failed." + retval = 1 elif args[0] == "disable": - # Make a quick hack foir now, directly delete the entries by name, + # We can't disable schema compat if the NIS plugin is enabled + try: + conn.get_entry(netgroup_compat_dn, normalize=False) + print "The NIS plugin is configured, cannot disable compatibility." + print "Run 'ipa-nis-manage disable' first." + return 2 + except errors.NotFound: + pass + # Make a quick hack for now, directly delete the entries by name, # In future we should add delete capabilites to LDAPUpdate try: - conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config') - conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config') - conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config') + conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) + conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False) except errors.NotFound: print "Plugin is already disabled" retval = 2 - except errors.LDAPError, e: + except errors.DatabaseError, dbe: + print "An error occurred while talking to the server." + print lde + retval = 1 + except errors.LDAPError, lde: print "An error occurred while talking to the server." - print e + print lde retval = 1 else: |