-rw-r--r-- | install/share/ldapi.ldif | 6 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 1 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 1 | ||||
-rw-r--r-- | ipalib/constants.py | 2 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 4 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 31 |
6 files changed, 23 insertions, 22 deletions
diff --git a/install/share/ldapi.ldif b/install/share/ldapi.ldif
new file mode 100644
index 000000000..607506fd1
--- /dev/null
+++ b/install/share/ldapi.ldif
@@ -0,0 +1,6 @@
+# Enable the ldapi listener
+dn: cn=config
+changetype: modify
+replace: nsslapd-ldapilisten
+nsslapd-ldapilisten: on
+
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index f56ff7a6b..d76ec0551 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -332,6 +332,7 @@ def main():
     fd.write("realm=" + config.realm_name + "\n")
     fd.write("domain=" + config.domain_name + "\n")
     fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
     if ipautil.file_exists(config.dir + "/ca.p12"):
         fd.write("enable_ra=True\n")
     fd.close()
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index e364db592..c09b24de5 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -575,6 +575,7 @@ def main():
     fd.write("realm=" + realm_name + "\n")
     fd.write("domain=" + domain_name + "\n")
     fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
     if options.ca:
         fd.write("enable_ra=True\n")
     fd.close()
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 6927cf22f..ed396de0a 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -103,8 +103,6 @@ DEFAULT_CONFIG = (
     ('lite_webui_port', 9999),
     ('xmlrpc_uri', 'http://localhost:8888'),
     ('ldap_uri', 'ldap://localhost:389'),
-    ('ldap_host', 'localhost'),
-    ('ldap_port', 389),
 
     # Debugging:
     ('verbose', False),
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index d7394e561..061b827bc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
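Review bot: The ldif only switches `nsslapd-ldapilisten` on and leaves the socket path at the server's default, while both installer hunks on this page hard-code `ldap_uri=ldapi://%2fvar%2frun%2fslapd-<serverid>.socket` into the generated config; if the instance's `nsslapd-ldapifilepath` ever differs from that default, the config points at a socket that does not exist and nothing in this change detects the drift. Either set `nsslapd-ldapifilepath` explicitly here next to `nsslapd-ldapilisten: on` with the same value the installers write, or derive the written URI from the directory server's configured path. Autobind is not enabled by this ldif, so connections over the socket still appear to authenticate through the SASL bind in ldap2.create_connection; a one-line comment saying so would save the next reader a lookup, e.g. `# listener only: binds still go through SASL, autobind is not enabled`.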
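Review bot: The added line in ipa-replica-install reads a bare `realm_name` while every neighbouring line of the hunk takes the value from the config object (`config.realm_name`, `config.domain_name`, `config.host_name`); unless main() binds a local `realm_name` somewhere outside the hunk, this raises NameError while writing the config file. The line should read `fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))`. The same URI literal is built a second time in the ipa-server-install hunk, where `realm_name` is a local (it is used on the `realm=` line); a single helper next to `realm_to_serverid` in dsinstance would keep the two from drifting. main() continues outside both hunks.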
@@ -169,6 +169,7 @@ class DsInstance(service.Service):
         self.step("enabling memberof plugin", self.__add_memberof_module)
         self.step("enabling referential integrity plugin", self.__add_referint_module)
         self.step("enabling winsync plugin", self.__add_winsync_module)
+        self.step("enabling ldapi", self.__enable_ldapi)
         self.step("configuring uniqueness plugin", self.__set_unique_attrs)
         self.step("creating indices", self.__create_indices)
         self.step("configuring ssl for ds instance", self.__enable_ssl)
@@ -374,6 +375,9 @@ class DsInstance(service.Service):
         shutil.copyfile(ipautil.SHARE_DIR + "certmap.conf.template",
                         config_dirname(self.serverid) + "certmap.conf")
 
+    def __enable_ldapi(self):
+        self._ldap_mod("ldapi.ldif", self.sub_dict)
+
     def change_admin_password(self, password):
         logging.debug("Changing admin password")
         dirname = config_dirname(self.serverid)
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 9587cbe2e..6e3c86946 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -115,9 +115,7 @@ def _get_url(host, port, using_cacert=False):
     return 'ldap://%s:%d' % (host, port)
 
 # retrieves LDAP schema from server
-def _load_schema(host, port):
-    url = _get_url(host, port)
-
+def _load_schema(url):
     try:
         conn = _ldap.initialize(url)
         # assume anonymous access is enabled
@@ -136,7 +134,7 @@ def _load_schema(host, port):
     return _ldap.schema.SubSchema(schema_entry[1])
 
 # cache schema when importing module
-_schema = _load_schema(api.env.ldap_host, api.env.ldap_port)
+_schema = _load_schema(api.env.ldap_uri)
 
 def _get_syntax(attr, value):
     schema = api.Backend.ldap2._schema
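Review bot: `__enable_ldapi` pushes the cn=config change but nothing records when the listener actually becomes usable; as far as I recall, `nsslapd-ldapilisten` is one of the 389-ds settings that only takes effect after the instance restarts, so the socket the installers point `ldap_uri` at may not exist until a later restart step. The method deserves a docstring saying so, e.g. `"""Turn on the ldapi listener in cn=config; takes effect at the next restart."""`, and any later step that connects over ldapi should be ordered after that restart. The first hunk registers the step before `__enable_ssl`; where the restart happens is outside what I can see here.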
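Review bot: `_get_url` keeps its definition (its `return` is the first context line of this hunk) while the hunk removes its call from `_load_schema` and the later `__str__` hunk removes the other one; if no caller remains elsewhere it is dead code and should go with this change rather than linger with its `using_cacert` parameter. `_load_schema` now takes a URI instead of host/port and would be clearer with a docstring than the bare comment above it, e.g. `"""Fetch the server's subschema from *url*; assumes anonymous read access to the schema entry."""` — worth stating in the contract because over ldapi it is the socket's permissions, not the network, that gate that anonymous read. `_load_schema`'s body continues outside the hunk.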
@@ -164,28 +162,25 @@ class ldap2(CrudBackend, Encoder):
         self.encoder_settings.decode_dict_vals_table = _syntax_mapping
         self.encoder_settings.decode_dict_vals_table_keygen = _get_syntax
         self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
-        self._host = api.env.ldap_host
-        self._port = api.env.ldap_port
+        self._ldapuri = api.env.ldap_uri
         self._schema = _schema
-        self._ssl = False
         CrudBackend.__init__(self)
 
     def __del__(self):
         self.disconnect()
 
     def __str__(self):
-        return _get_url(self._host, self._port, self._ssl)
+        return self._ldapuri
 
     @encode_args(3, 4, 'bind_dn', 'bind_pw')
-    def create_connection(self, host=None, port=None, ccache=None,
+    def create_connection(self, ldapuri=None, ccache=None,
             bind_dn='', bind_pw='', debug_level=255,
             tls_cacertfile=None, tls_certfile=None, tls_keyfile=None):
         """
         Connect to LDAP server.
 
         Keyword arguments:
-        host -- hostname or IP of the server.
-        port -- port number
+        ldapuri -- the LDAP server to connect to
         ccache -- Kerberos V5 ccache name
         bind_dn -- dn used to bind to the server
         bind_pw -- password used to bind to the server
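Review bot: `@encode_args(3, 4, 'bind_dn', 'bind_pw')` is left untouched while the signature under it loses one positional parameter (`host, port` become `ldapuri`); if those integers index positional arguments, as pairing them with the bind_dn/bind_pw names suggests, positions 3 and 4 now land on `bind_pw` and `debug_level`, so a caller passing the password positionally gets the wrong slot encoded. Change the decorator to `@encode_args(2, 3, 'bind_dn', 'bind_pw')`, or confirm encode_args's numbering — its definition is outside what I can see. The new docstring entry could also state the accepted form, e.g. `ldapuri -- URI of the server to connect to (ldap://, ldaps:// or ldapi://)`. create_connection's body continues past the hunk.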
@@ -196,25 +191,21 @@ class ldap2(CrudBackend, Encoder): Extends backend.Connectible.create_connection. """ - if host is not None: - self._host = host - if port is not None: - self._port = port + if ldapuri is not None: + self._ldapuri = ldapuri # if we don't have this server's schema cached, do it now - if self._host != api.env.ldap_host or self._port != api.env.ldap_port: - self._schema = _load_schema(self._host, self._port) + if self._ldapuri != api.env.ldap_uri: + self._schema = _load_schema(self._ldapuri) if tls_cacertfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_CACERTFILE, tls_cacertfile) - self._ssl = True if tls_certfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_CERTFILE, tls_certfile) - self._ssl = True if tls_keyfile is not None: _ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile) - conn = _ldap.initialize(str(self)) + conn = _ldap.initialize(self._ldapuri) if ccache is not None: os.environ['KRB5CCNAME'] = ccache conn.sasl_interactive_bind_s('', _sasl_auth) |