Diffstat (limited to 'install')
-rw-r--r-- | install/certmonger/dogtag-ipa-retrieve-agent-submit | 4 | ||||
-rw-r--r-- | install/migration/migration.py | 5 | ||||
-rw-r--r-- | install/restart_scripts/renew_ca_cert | 4 | ||||
-rw-r--r-- | install/restart_scripts/renew_ra_cert | 8 | ||||
-rwxr-xr-x | install/tools/ipa-adtrust-install | 1 | ||||
-rwxr-xr-x | install/tools/ipa-compat-manage | 7 | ||||
-rw-r--r-- | install/tools/ipa-compliance | 5 | ||||
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 41 | ||||
-rwxr-xr-x | install/tools/ipa-dns-install | 2 | ||||
-rwxr-xr-x | install/tools/ipa-managed-entries | 19 | ||||
-rwxr-xr-x | install/tools/ipa-nis-manage | 7 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 19 | ||||
-rwxr-xr-x | install/tools/ipa-replica-manage | 69 | ||||
-rwxr-xr-x | install/tools/ipa-replica-prepare | 14 | ||||
-rwxr-xr-x | install/tools/ipa-server-certinstall | 5 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 18 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 2 | ||||
-rwxr-xr-x | install/tools/ipactl | 15 |
18 files changed, 126 insertions, 119 deletions
diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit index 24e1844a5..6d54000d6 100644 --- a/install/certmonger/dogtag-ipa-retrieve-agent-submit +++ b/install/certmonger/dogtag-ipa-retrieve-agent-submit @@ -29,7 +29,7 @@ import tempfile import krbV import syslog from ipalib import api -from ipalib.dn import DN +from ipapython.dn import DN from ipalib import errors from ipalib import x509 from ipapython import services as ipaservices @@ -52,7 +52,7 @@ api.finalize() # Update or add it tmpdir = tempfile.mkdtemp(prefix = "tmp-") try: - dn = str(DN(('cn',nickname),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn))) + dn = DN(('cn', nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) principal = str('host/%s@%s' % (api.env.host, api.env.realm)) ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal) conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) diff --git a/install/migration/migration.py b/install/migration/migration.py index 449d35c66..e0ada1310 100644 --- a/install/migration/migration.py +++ b/install/migration/migration.py @@ -27,6 +27,7 @@ import ldap import wsgiref from ipapython.ipa_log_manager import * from ipapython.ipautil import get_ipa_basedn +from ipapython.dn import DN BASE_DN = '' LDAP_URI = 'ldaps://localhost:636' @@ -80,10 +81,10 @@ def bind(username, password): if not base_dn: root_logger.error('migration unable to get base dn') raise IOError(errno.EIO, 'Cannot get Base DN') - bind_dn = 'uid=%s,cn=users,cn=accounts,%s' % (username, base_dn) + bind_dn = DN(('uid', username), ('cn', 'users'), ('cn', 'accounts'), base_dn) try: conn = ldap.initialize(LDAP_URI) - conn.simple_bind_s(bind_dn, password) + conn.simple_bind_s(str(bind_dn), password) except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM, ldap.NO_SUCH_OBJECT), e: root_logger.error('migration invalid credentials for %s: %s' % (bind_dn, convert_exception(e))) 
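Review bot: In install/migration/migration.py, `bind()` turns the caller-supplied `username` into part of the bind DN on the new `bind_dn = DN(...)` line, and nothing there says why the DN is no longer built with `%`. A short comment would keep a later edit from reverting it, for example `# username is untrusted: DN() escapes the RDN value, never format it into a DN string`. The `str(bind_dn)` passed to `simple_bind_s` deserves the same remark, since python-ldap receives the escaped string form. The body of `bind()` starts and ends outside the hunk.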
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index d3b756042..e4374eca5 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -26,7 +26,7 @@ import tempfile import krbV import syslog from ipalib import api -from ipalib.dn import DN +from ipapython.dn import DN from ipalib import errors from ipapython import services as ipaservices from ipapython import ipautil @@ -50,7 +50,7 @@ if not cert: # Update or add it tmpdir = tempfile.mkdtemp(prefix = "tmp-") try: - dn = str(DN(('cn',nickname),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn))) + dn = DN(('cn',nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) principal = str('host/%s@%s' % (api.env.host, api.env.realm)) ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal) conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 2fcf1a79b..14cbc114c 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -29,7 +29,7 @@ from ipapython import ipautil from ipaserver.install import certs from ipaserver.install.cainstance import DEFAULT_DSPORT from ipalib import api -from ipalib.dn import DN +from ipapython.dn import DN from ipalib import x509 from ipalib import errors from ipaserver.plugins.ldap2 import ldap2 @@ -45,7 +45,7 @@ subject = x509.get_subject(cert, datatype=x509.DER) issuer = x509.get_issuer(cert, datatype=x509.DER) # Load it into dogtag -dn = str(DN(('uid','ipara'),('ou','People'),('o','ipaca'))) +dn = DN(('uid','ipara'),('ou','People'),('o','ipaca')) try: dm_password = get_pin('internaldb') 
@@ -55,7 +55,7 @@ except IOError, e: try: conn = ldap2(shared_instance=False, ldap_uri='ldap://localhost:%d' % DEFAULT_DSPORT) - conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) (entry_dn, entry_attrs) = conn.get_entry(dn, ['usercertificate'], normalize=False) entry_attrs['usercertificate'].append(cert) entry_attrs['description'] = '2;%d;%s;%s' % (serial_number, issuer, subject) @@ -68,7 +68,7 @@ except Exception, e: # Store it in the IPA LDAP server tmpdir = tempfile.mkdtemp(prefix = "tmp-") try: - dn = str(DN(('cn','ipaCert'),('cn=ca_renewal,cn=ipa,cn=etc'),(api.env.basedn))) + dn = DN(('cn','ipaCert'), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) principal = str('host/%s@%s' % (api.env.host, api.env.realm)) ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal) conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 02a309306..8cea077cc 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -32,6 +32,7 @@ from ipapython.config import IPAOptionParser import krbV import ldap from ipapython.ipa_log_manager import * +from ipapython.dn import DN log_file_name = "/var/log/ipaserver-install.log" diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage index f7564e0c5..e88d92286 100755 --- a/install/tools/ipa-compat-manage +++ b/install/tools/ipa-compat-manage @@ -28,6 +28,7 @@ try: from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipapython.ipa_log_manager import * + from ipapython.dn import DN except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The 
@@ -37,8 +38,8 @@ error was: """ % sys.exc_value sys.exit(1) -compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config" -nis_config_dn = "cn=NIS Server,cn=plugins,cn=config" +compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) +nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) def parse_options(): usage = "%prog [options] <enable|disable>\n" @@ -107,7 +108,7 @@ def main(): try: conn = ldap2(shared_instance=False, base_dn='') conn.connect( - bind_dn='cn=directory manager', bind_pw=dirman_password + bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password ) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server.\n%s\n" % str(lde)) diff --git a/install/tools/ipa-compliance b/install/tools/ipa-compliance index 8ae91b777..c82e4151f 100644 --- a/install/tools/ipa-compliance +++ b/install/tools/ipa-compliance @@ -36,6 +36,7 @@ try: from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors, backend from ipaserver.install import installutils + from ipapython.dn import DN except ImportError, e: # If python-rhsm isn't installed exit gracefully and quietly. if e.args[0] == 'No module named rhsm.certificate': @@ -116,7 +117,7 @@ def check_compliance(tmpdir, debug=False): # Get the hosts first try: (entries, truncated) = conn.find_entries('(krblastpwdchange=*)', ['dn'], - '%s,%s' % (api.env.container_host, api.env.basedn), + DN(api.env.container_host, api.env.basedn), conn.SCOPE_ONELEVEL, size_limit = -1) except errors.NotFound: @@ -136,7 +137,7 @@ def check_compliance(tmpdir, debug=False): try: (entries, truncated) = conn.find_entries('(objectclass=ipaentitlement)', ['dn', 'userCertificate'], - '%s,%s' % (api.env.container_entitlements, api.env.basedn), + DN(api.env.container_entitlements, api.env.basedn), conn.SCOPE_ONELEVEL, size_limit = -1) 
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 938201fed..6eefe8d6d 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -30,7 +30,7 @@ from ipaserver.install import replication, installutils from ipaserver import ipaldap from ipapython import version from ipalib import api, errors, util -from ipalib.dn import DN +from ipapython.dn import DN CACERT = "/etc/ipa/ca.crt" PORT = 7389 @@ -63,7 +63,7 @@ class CSReplicationManager(replication.ReplicationManager): def __init__(self, realm, hostname, dirman_passwd, port=PORT, starttls=True): super(CSReplicationManager, self).__init__(realm, hostname, dirman_passwd, port, starttls) - self.suffix = 'o=ipaca' + self.suffix = DN(('o', 'ipaca')) self.hostnames = [] # set before calling or agreement_dn() will fail def agreement_dn(self, hostname, master=None): @@ -89,14 +89,14 @@ class CSReplicationManager(replication.ReplicationManager): else: name = "clone" cn="%sAgreement1-%s-%s" % (name, hostname, instance_name) - dn = str(DN("cn=%s, %s" % (cn, self.replica_dn()))) + dn = DN(('cn', cn), self.replica_dn()) return (cn, dn) for host in self.hostnames: for master in ["master", "clone"]: try: cn="%sAgreement1-%s-%s" % (master, host, instance_name) - dn = "cn=%s, %s" % (cn, self.replica_dn()) + dn = DN(('cn', cn), self.replica_dn()) self.conn.getEntry(dn, ldap.SCOPE_BASE) return (cn, dn) except errors.NotFound: 
@@ -106,12 +106,10 @@ class CSReplicationManager(replication.ReplicationManager): raise errors.NotFound(reason='No agreement found for %s' % hostname) def delete_referral(self, hostname): - esc1_suffix = self.suffix.replace('=', '\\3D').replace(',', '\\2C') - esc2_suffix = self.suffix.replace('=', '%3D').replace(',', '%2C') - dn = 'cn=%s,cn=mapping tree,cn=config' % esc1_suffix + dn = DN(('cn', self.suffix), ('cn', 'mapping tree'), ('cn', 'config')) # TODO: should we detect proto/port somehow ? mod = [(ldap.MOD_DELETE, 'nsslapd-referral', - 'ldap://%s/%s' % (ipautil.format_netloc(hostname, PORT), esc2_suffix))] + 'ldap://%s/%s' % (ipautil.format_netloc(hostname, PORT), self.suffix))] try: self.conn.modify_s(dn, mod) @@ -165,16 +163,16 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): conn = ipaldap.IPAdmin(host, 636, cacert=CACERT) conn.do_simple_bind(bindpw=dirman_passwd) - dn = str(DN('cn=masters,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm))) - entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL) + dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) + entries = conn.getList(dn, ldap.SCOPE_ONELEVEL) for ent in entries: try: cadn = DN(('cn', 'CA'), DN(ent.dn)) - entry = conn.getEntry(str(cadn), ldap.SCOPE_BASE) - peers[ent.cn] = ['master', ''] + entry = conn.getEntry(cadn, ldap.SCOPE_BASE) + peers[ent.getValue('cn')] = ['master', ''] except errors.NotFound: - peers[ent.cn] = ['CA not configured', ''] + peers[ent.getValue('cn')] = ['CA not configured', ''] except Exception, e: sys.exit("Failed to get data from '%s': %s" % (host, convert_error(e))) 
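Review bot: In `delete_referral` the `nsslapd-referral` value is now built from the unescaped `self.suffix`, whereas the removed lines percent-encoded `=` and `,` (`%3D`, `%2C`) before placing the suffix in the URL. A `MOD_DELETE` that names a value only removes an exactly matching value, so if referrals already stored in the directory use the encoded form, the delete would presumably not match and the stale referral would remain. The code that writes the referral is not in this diff (it is limited to 'install'), so confirm that both sides now produce the same string. Recording the expected form next to the `mod = [...]` line would help, e.g. `# must equal the stored referral exactly: ldap://<host>:<port>/<suffix as str(DN)>`. The function continues past the end of the hunk.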
@@ -190,13 +188,13 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): entries = repl.find_replication_agreements() for entry in entries: - print '%s' % entry.nsds5replicahost + print '%s' % entry.getValue('nsds5replicahost') if verbose: - print " last init status: %s" % entry.nsds5replicalastinitstatus - print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastinitend)) - print " last update status: %s" % entry.nsds5replicalastupdatestatus - print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend)) + print " last init status: %s" % entry.getValue('nsds5replicalastinitstatus') + print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastinitend'))) + print " last update status: %s" % entry.getValue('nsds5replicalastupdatestatus') + print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastupdateend'))) def del_link(realm, replica1, replica2, dirman_passwd, force=False): @@ -316,7 +314,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): conn = ipaldap.IPAdmin(replica2, 636, cacert=CACERT) conn.do_simple_bind(bindpw=dirman_passwd) - dn = str(DN('cn=CA,cn=%s,cn=masters,cn=ipa,cn=etc,%s' % (replica2, ipautil.realm_to_suffix(realm)))) + dn = DN(('cn', 'CA'), ('cn', replica2), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), + ipautil.realm_to_suffix(realm)) conn.search_s(dn, ldap.SCOPE_ONELEVEL) conn.unbind_s() except ldap.NO_SUCH_OBJECT: 
@@ -341,7 +340,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): except Exception, e: sys.exit("Failed to get data from '%s': %s" % (replica1, convert_error(e))) - repl1.setup_replication(replica2, PORT, 0, "cn=Directory Manager", dirman_passwd, True, True) + repl1.setup_replication(replica2, PORT, 0, DN(('cn', 'Directory Manager')), dirman_passwd, True, True) print "Connected '%s' to '%s'" % (replica1, replica2) def re_initialize(realm, options): @@ -355,7 +354,7 @@ def re_initialize(realm, options): thishost = installutils.get_fqdn() filter = "(&(nsDS5ReplicaHost=%s)(|(objectclass=nsDSWindowsReplicationAgreement)(objectclass=nsds5ReplicationAgreement)))" % thishost - entry = repl.conn.search_s("cn=config", ldap.SCOPE_SUBTREE, filter) + entry = repl.conn.search_s(DN(('cn', 'config')), ldap.SCOPE_SUBTREE, filter) if len(entry) == 0: root_logger.error("Unable to find %s -> %s replication agreement" % (options.fromhost, thishost)) sys.exit(1) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 47bffdf83..d4795f72e 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -202,7 +202,7 @@ def main(): root_logger.debug("will use dns_forwarders: %s\n", str(dns_forwarders)) if bind.dm_password: - api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password) + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=bind.dm_password) else: # See if our LDAP server is up and we can talk to it over GSSAPI ccache = krbV.default_context().default_ccache().name diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries index b9a492e48..e68d4d360 100755 --- a/install/tools/ipa-managed-entries +++ b/install/tools/ipa-managed-entries 
@@ -28,8 +28,8 @@ try: from ipaserver import ipaldap from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors - from ipalib.dn import * from ipapython.ipa_log_manager import * + from ipapython.dn import DN except ImportError: print >> sys.stderr, """\ @@ -92,9 +92,8 @@ def main(): ('cn', 'Definitions'), ('cn', 'Managed Entries'), ('cn', 'etc'), - DN(api.env.basedn) + api.env.basedn ) - managed_entry_definitions_dn = str(managed_entry_definitions_dn) conn = None try: @@ -125,13 +124,13 @@ def main(): # List available Managed Entry Plugins managed_entries = None try: - entries = conn.search_s( + entries = conn.getList( managed_entry_definitions_dn, ldap.SCOPE_SUBTREE, filter ) except Exception, e: root_logger.debug("Search for managed entries failed: %s" % str(e)) sys.exit("Unable to find managed entries at %s" % managed_entry_definitions_dn) - managed_entries = [entry.cn for entry in entries] + managed_entries = [entry.getValue('cn') for entry in entries] if managed_entries: print "Available Managed Entry Definitions:" for managed_entry in managed_entries: @@ -142,22 +141,18 @@ def main(): if not options.managed_entry: sys.exit("\nYou must specify a managed entry definition") else: - rdn = DN( - ('cn', options.managed_entry), - DN(managed_entry_definitions_dn) - ) - def_dn = str(rdn) + def_dn = DN(('cn', options.managed_entry), managed_entry_definitions_dn) disabled = True try: - entries = conn.search_s(def_dn, + entry = conn.getEntry(def_dn, ldap.SCOPE_BASE, filter, ['originfilter'], ) disable_attr = '(objectclass=disable)' try: - org_filter = entries[0].originfilter + org_filter = entry.getValue('originfilter') disabled = re.search(r'%s' % disable_attr, org_filter) except KeyError: sys.exit("%s is not a valid Managed Entry" % def_dn) diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 1c6de7b57..5ef3ce0e6 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage 
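Review bot: In the last hunk of ipa-managed-entries, the `except KeyError` around `org_filter = entry.getValue('originfilter')` was written for the old attribute access `entries[0].originfilter`, and whether `getValue` raises `KeyError` for a missing attribute is not visible here. If it returns `None` instead, `re.search(..., org_filter)` would fail with `TypeError` and the "is not a valid Managed Entry" message would never be shown. An explicit check makes the handling independent of that: `if org_filter is None: sys.exit("%s is not a valid Managed Entry" % def_dn)`. The enclosing `main()` starts and ends outside the hunk.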
@@ -30,6 +30,7 @@ try: from ipaserver.plugins.ldap2 import ldap2 from ipalib import api, errors from ipapython.ipa_log_manager import * + from ipapython.dn import DN except ImportError: print >> sys.stderr, """\ There was a problem importing one of the required Python modules. The @@ -39,8 +40,8 @@ error was: """ % sys.exc_value sys.exit(1) -nis_config_dn = "cn=NIS Server,cn=plugins,cn=config" -compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config" +nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) +compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) def parse_options(): usage = "%prog [options] <enable|disable>\n" @@ -120,7 +121,7 @@ def main(): try: conn = ldap2(shared_instance=False, base_dn='') conn.connect( - bind_dn='cn=directory manager', bind_pw=dirman_password + bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password ) except errors.ExecutionError, lde: sys.exit("An error occurred while connecting to the server: %s" % str(lde)) diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index c322cb62e..d7baf9c05 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -36,12 +36,13 @@ from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, r from ipaserver.install.installutils import get_host_name, BadHostError from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance -from ipapython import version from ipalib import api, errors, util +from ipapython import version from ipapython.config import IPAOptionParser from ipapython import sysrestore from ipapython import services as ipaservices from ipapython.ipa_log_manager import * +from ipapython.dn import DN log_file_name = "/var/log/ipareplica-install.log" CACERT = "/etc/ipa/ca.crt" 
@@ -204,7 +205,7 @@ def install_http(config, auto_redirect): return http def install_bind(config, options): - api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=config.dirman_password) if options.forwarders: forwarders = options.forwarders @@ -246,7 +247,7 @@ def install_dns_records(config, options): cur_uri = api.Backend.ldap2.ldap_uri object.__setattr__(api.Backend.ldap2, 'ldap_uri', 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)) - api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) bind = bindinstance.BindInstance(dm_password=config.dirman_password) @@ -360,10 +361,10 @@ def main(): try: fd = open("/etc/ipa/default.conf", "w") fd.write("[global]\n") - fd.write("host=" + config.host_name + "\n") - fd.write("basedn=" + ipautil.realm_to_suffix(config.realm_name) + "\n") - fd.write("realm=" + config.realm_name + "\n") - fd.write("domain=" + config.domain_name + "\n") + fd.write("host=%s\n" % config.host_name) + fd.write("basedn=%s\n" % str(ipautil.realm_to_suffix(config.realm_name))) + fd.write("realm=%s\n" % config.realm_name) + fd.write("domain=%s\n" % config.domain_name) fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % ipautil.format_netloc(config.host_name)) fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) if ipautil.file_exists(config.dir + "/cacert.p12"): 
@@ -404,14 +405,14 @@ def main(): ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='') - conn.connect(bind_dn='cn=directory manager', + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=config.dirman_password, tls_cacertfile=CACERT) replman = ReplicationManager(config.realm_name, config.master_host_name, config.dirman_password) found = False try: - entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], u'%s,%s' % (api.env.container_host, api.env.basedn)) + entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], DN(api.env.container_host, api.env.basedn)) print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host print " %% ipa host-del %s" % host found = True diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index b095daf03..b2e819d1e 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -29,8 +29,8 @@ from ipaserver.install import bindinstance from ipaserver import ipaldap from ipapython import version from ipalib import api, errors, util -from ipalib.dn import DN from ipapython.ipa_log_manager import * +from ipapython.dn import DN CACERT = "/etc/ipa/ca.crt" 
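Review bot: On the changed `conn.find_entries(...)` line in ipa-replica-install, the search base is now a `DN(...)` but the filter is still assembled as `u'fqdn=%s' % host`, so the filter value is not escaped. `host` is defined outside the hunk and appears to come from the local replica configuration, which limits exposure, but a value containing `*`, `(` or `)` would change what the filter matches and so what this "host already exists" check reports. If python-ldap is importable in this script, consider `u'fqdn=%s' % ldap.filter.escape_filter_chars(host)`.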
@@ -125,23 +125,28 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): conn.do_simple_bind(bindpw=dirman_passwd) else: conn.do_sasl_gssapi_bind() + except Exception, e: + print "Failed to connect to host '%s': %s" % (host, str(e)) + return - dn = 'cn=masters,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm) - entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL) - + dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) + try: + entries = conn.getList(dn, ldap.SCOPE_ONELEVEL) + except: + print "Failed read master data from '%s': %s" % (host, str(e)) + return + else: for ent in entries: - peers[ent.cn] = ['master', ''] - - dn = 'cn=replicas,cn=ipa,cn=etc,%s' % ipautil.realm_to_suffix(realm) - entries = conn.search_s(dn, ldap.SCOPE_ONELEVEL) + peers[ent.getValue('cn')] = ['master', ''] + dn = DN(('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) + try: + entries = conn.getList(dn, ldap.SCOPE_ONELEVEL) + except: + pass + else: for ent in entries: - peers[ent.cn] = ent.ipaconfigstring.split(':') - - except Exception, e: - print "Failed to get data from '%s': %s" % (host, str(e)) - return - + peers[ent.getValue('cn')] = ent.getValue('ipaConfigString').split(':') if not replica: for k, p in peers.iteritems(): @@ -164,8 +169,8 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): repl = replication.ReplicationManager(realm, winsync_peer, dirman_passwd) cn, dn = repl.agreement_dn(replica) - entries = repl.conn.search_s(dn, ldap.SCOPE_BASE, - "(objectclass=nsDSWindowsReplicationAgreement)") + entries = repl.conn.getList(dn, ldap.SCOPE_BASE, + "(objectclass=nsDSWindowsReplicationAgreement)") ent_type = 'winsync' else: repl = replication.ReplicationManager(realm, replica, 
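Review bot: The new bare `except:` after `conn.getList(dn, ldap.SCOPE_ONELEVEL)` for the masters container formats `str(e)`, but `e` is not bound in that handler. It is only set by the earlier `except Exception, e:`, which returns, so a failed read raises `NameError` and hides the real LDAP error. Bind it with `except Exception, e:`. The second bare `except: pass` around the replicas lookup also swallows every failure, including permission or connection errors, so the listing can be silently incomplete. If a missing container is the only case meant to be ignored, narrow it to that, e.g. `except errors.NotFound: pass`, assuming `getList` raises `errors.NotFound` here. `list_replicas` starts before the hunk and continues after it.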
@@ -177,13 +182,13 @@ def list_replicas(realm, host, replica, dirman_passwd, verbose): return for entry in entries: - print '%s: %s' % (entry.nsds5replicahost, ent_type) + print '%s: %s' % (entry.getValue('nsds5replicahost'), ent_type) if verbose: - print " last init status: %s" % entry.nsds5replicalastinitstatus - print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastinitend)) - print " last update status: %s" % entry.nsds5replicalastupdatestatus - print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.nsds5replicalastupdateend)) + print " last init status: %s" % entry.getValue('nsds5replicalastinitstatus') + print " last init ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastinitend'))) + print " last update status: %s" % entry.getValue('nsds5replicalastupdatestatus') + print " last update ended: %s" % str(ipautil.parse_generalized_time(entry.getValue('nsds5replicalastupdateend'))) def del_link(realm, replica1, replica2, dirman_passwd, force=False): @@ -254,9 +259,9 @@ def del_link(realm, replica1, replica2, dirman_passwd, force=False): if type1 == replication.WINSYNC: try: - dn = 'cn=%s,cn=replicas,cn=ipa,cn=etc,%s' % (replica2, - ipautil.realm_to_suffix(realm)) - entries = repl1.conn.search_s(dn, ldap.SCOPE_SUBTREE) + dn = DN(('cn', replica2), ('cn', 'replicas'), ('cn', 'ipa'), ('cn', 'etc'), + ipautil.realm_to_suffix(realm)) + entries = repl1.conn.getList(dn, ldap.SCOPE_SUBTREE) if len(entries) != 0: dnset = repl1.conn.get_dns_sorted_by_length(entries, reverse=True) 
@@ -300,11 +305,11 @@ def del_master(realm, hostname, options): force_del = True if force_del: - dn = 'cn=masters,cn=ipa,cn=etc,%s' % thisrepl.suffix - res = thisrepl.conn.search_s(dn, ldap.SCOPE_ONELEVEL) + dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), thisrepl.suffix) + entries = thisrepl.conn.getList(dn, ldap.SCOPE_ONELEVEL) replica_names = [] - for entry in res: - replica_names.append(entry.cn) + for entry in entries: + replica_names.append(entry.getValue('cn')) else: # Get list of agreements. replica_names = delrepl.find_ipa_replication_agreements() @@ -340,7 +345,7 @@ def del_master(realm, hostname, options): if bindinstance.dns_container_exists(options.host, thisrepl.suffix, dm_password=options.dirman_passwd): if options.dirman_passwd: - api.Backend.ldap2.connect(bind_dn='cn=Directory Manager', + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=options.dirman_passwd) else: ccache = krbV.default_context().default_ccache().name @@ -366,7 +371,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): repl = replication.ReplicationManager(realm, replica1, dirman_passwd) if repl.get_agreement_type(replica2) == replication.WINSYNC: agreement = repl.get_replication_agreement(replica2) - sys.exit("winsync agreement already exists on subtree %s" % + sys.exit("winsync agreement already exists on subtree %s" % agreement.getValue('nsds7WindowsReplicaSubtree')) else: sys.exit("A replication agreement to %s already exists" % replica2) @@ -407,8 +412,8 @@ def add_link(realm, replica1, replica2, dirman_passwd, options): # from scratch try: masters_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), (api.env.basedn)) - master1_dn = str(DN(('cn', replica1), masters_dn)) - master2_dn = str(DN(('cn', replica2), masters_dn)) + master1_dn = DN(('cn', replica1), masters_dn) + master2_dn = DN(('cn', replica2), masters_dn) repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE) repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE) 
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 19360fdf2..210a9de11 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -35,6 +35,7 @@ from ipaserver.plugins.ldap2 import ldap2 from ipapython import version from ipapython.config import IPAOptionParser from ipalib import api, errors, util +from ipapython.dn import DN def parse_options(): usage = "%prog [options] FQDN (e.g. replica.example.com)" @@ -99,13 +100,16 @@ def parse_options(): def get_subject_base(host_name, dm_password, suffix): try: conn = ldap2(shared_instance=False, base_dn=suffix) - conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) except errors.ExecutionError, e: root_logger.critical("Could not connect to the Directory Server on %s" % host_name) raise e (dn, entry_attrs) = conn.get_ipa_config() conn.disconnect() - return entry_attrs.get('ipacertificatesubjectbase', [None])[0] + subject_base = entry_attrs.get('ipacertificatesubjectbase', [None])[0] + if subject_base is not None: + subject_base = DN(subject_base) + return subject_base def check_ipa_configuration(realm_name): config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)) @@ -200,7 +204,7 @@ def save_config(dir, realm_name, host_name, config.set("realm", "master_host_name", host_name) config.set("realm", "domain_name", domain_name) config.set("realm", "destination_host", dest_host) - config.set("realm", "subject_base", subject_base) + config.set("realm", "subject_base", str(subject_base)) fd = open(dir + "/realm_info", "w") config.write(fd) 
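Review bot: `get_subject_base` can still return `None` when `ipacertificatesubjectbase` is absent, and `save_config` now stores `str(subject_base)`, which for `None` is the literal string `None`. Whether `main()` can pass such a value through is outside these hunks. If it can, the `realm_info` file would carry `None` as a subject base that the replica installer might later treat as a DN. Consider failing early or skipping the key, e.g. `if subject_base is not None: config.set("realm", "subject_base", str(subject_base))`, after checking what the reader of `realm_info` expects.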
@@ -260,7 +264,7 @@ def main(): # Try out the password try: conn = ldap2(shared_instance=False) - conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password) + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dirman_password) conn.disconnect() except errors.ACIError: sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host) @@ -431,7 +435,7 @@ def main(): if options.ip_address: print "Adding DNS records for %s" % replica_fqdn - api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password) + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dirman_password) domain = replica_fqdn.split(".") name = domain.pop(0) diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall index 3b19f0452..bc4dde272 100755 --- a/install/tools/ipa-server-certinstall +++ b/install/tools/ipa-server-certinstall @@ -32,6 +32,7 @@ from ipapython.ipautil import user_input from ipaserver.install import certs, dsinstance, httpinstance, installutils from ipalib import api from ipapython.ipa_log_manager import * +from ipapython.dn import DN from ipaserver.plugins.ldap2 import ldap2 def get_realm_name(): @@ -66,9 +67,9 @@ def parse_options(): def set_ds_cert_name(cert_name, dm_password): conn = ldap2(shared_instance=False, base_dn='') - conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) mod = {'nssslpersonalityssl': cert_name} - conn.update_entry('cn=RSA,cn=encryption,cn=config', mod) + conn.update_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')), mod) conn.disconnect() def choose_server_cert(server_certs): diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index d7de70631..d9682bbb3 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
@@ -60,11 +60,11 @@ from ipapython.ipautil import * from ipapython import ipautil from ipalib import api, errors, util from ipapython.config import IPAOptionParser -from ipalib.dn import DN from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file from ipalib.util import validate_domain_name from ipapython import services as ipaservices from ipapython.ipa_log_manager import * +from ipapython.dn import DN pw_name = None uninstalling = False @@ -530,13 +530,13 @@ def set_subject_in_config(realm_name, dm_password, suffix, subject_base): ) try: conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix) - conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password) + conn.connect(bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) except errors.ExecutionError, e: root_logger.critical("Could not connect to the Directory Server on %s" % realm_name) raise e (dn, entry_attrs) = conn.get_ipa_config() if 'ipacertificatesubjectbase' not in entry_attrs: - mod = {'ipacertificatesubjectbase': subject_base} + mod = {'ipacertificatesubjectbase': str(subject_base)} conn.update_entry(dn, mod) conn.disconnect() @@ -770,7 +770,7 @@ def main(): realm_name = options.realm_name.upper() if not options.subject: - options.subject = "O=%s" % realm_name + options.subject = DN(('O', realm_name)) if not options.dm_password: dm_password = read_dm_password() 
@@ -840,10 +840,10 @@ def main(): target_fname = '/etc/ipa/default.conf' fd = open(target_fname, "w") fd.write("[global]\n") - fd.write("host=" + host_name + "\n") - fd.write("basedn=" + ipautil.realm_to_suffix(realm_name) + "\n") - fd.write("realm=" + realm_name + "\n") - fd.write("domain=" + domain_name + "\n") + fd.write("host=%s\n" % host_name) + fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name)) + fd.write("realm=%s\n" % realm_name) + fd.write("domain=%s\n" % domain_name) fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % format_netloc(host_name)) fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name)) fd.write("enable_ra=True\n") @@ -1046,7 +1046,7 @@ def main(): persistent_search=options.persistent_search, serial_autoincrement=options.serial_autoincrement) if options.setup_dns: - api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) + api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password) bind.create_instance() print "" diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 951bd4854..3041cb60b 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -253,7 +253,7 @@ def update_dbmodules(realm, filename="/etc/krb5.conf"): newfile.append('#%s' % line) prefix = '' continue - + newfile.append('%s%s' % (prefix, line)) # Append updated dbmodules information diff --git a/install/tools/ipactl b/install/tools/ipactl index 22a4f6e03..e173d10c1 100755 --- a/install/tools/ipactl +++ b/install/tools/ipactl 
@@ -26,10 +26,10 @@ try: from ipaserver.install.dsinstance import config_dirname, realm_to_serverid from ipaserver.install.installutils import is_ipa_configured, ScriptError from ipapython.ipautil import wait_for_open_ports, wait_for_open_socket + from ipalib import api, errors from ipapython import sysrestore from ipapython import config - from ipalib import api, errors - from ipalib.dn import DN + from ipapython.dn import DN import ldap import ldap.sasl import ldapurl @@ -107,8 +107,7 @@ def emit_err(err): sys.stderr.write(err + '\n') def get_config(dirsrv): - base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (api.env.host, - api.env.basedn) + base = DN(('cn', api.env.host), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) srcfilter = '(ipaConfigString=enabledService)' attrs = ['cn', 'ipaConfigString'] if not dirsrv.is_running(): @@ -127,7 +126,7 @@ def get_config(dirsrv): wait_for_open_ports(host, [int(port)], timeout=api.env.startup_timeout) con = ldap.initialize(api.env.ldap_uri) con.sasl_interactive_bind_s('', SASL_EXTERNAL) - res = con.search_st(base, + res = con.search_st(str(base), ldap.SCOPE_SUBTREE, filterstr=srcfilter, attrlist=attrs, @@ -138,12 +137,10 @@ def get_config(dirsrv): "Directory Server is stopped", 3) except ldap.NO_SUCH_OBJECT: masters_list = [] - dn = str(DN('cn=masters,cn=ipa,cn=etc,%s' % api.env.basedn)) + dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) attrs = ['cn'] try: - entries = con.search_s(dn, - ldap.SCOPE_ONELEVEL, - attrlist=attrs,) + entries = con.search_s(str(dn), ldap.SCOPE_ONELEVEL, attrlist=attrs) except Exception, e: masters_list.append("No master found because of error: %s" % str(e)) else: |