URL: https://github.com/freeipa/freeipa/pull/1327 Author: akokshar Title: #1327: ensuring 389-ds plugins are enabled after install Action: opened
PR body: """ To avoid problems caused by desabled plugins on 389-ds side explicitly enable plugins required by IPA https://pagure.io/freeipa/issue/7271 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1327/head:pr1327 git checkout pr1327
From d0fc00cf78f02d86a1c4c7ff10ae45e6f4fa6b8a Mon Sep 17 00:00:00 2001 From: Alexander Koksharov <akoks...@redhat.com> Date: Thu, 23 Nov 2017 12:06:05 +0100 Subject: [PATCH] ensuring 389-ds plugins are enabled after install To avoid problems caused by desabled plugins on 389-ds side explicitly enable plugins required by IPA https://pagure.io/freeipa/issue/7271 --- install/share/Makefile.am | 1 + install/share/enable_dirsrv_plugins.ldif | 114 +++++++++++++++++++++++++++++++ ipaserver/install/dsinstance.py | 4 ++ 3 files changed, 119 insertions(+) create mode 100644 install/share/enable_dirsrv_plugins.ldif diff --git a/install/share/Makefile.am b/install/share/Makefile.am index b1285854ea..5f45c77cd6 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -89,6 +89,7 @@ dist_app_DATA = \ gssproxy.conf.template \ kdcproxy.wsgi \ ipakrb5.aug \ + enable_dirsrv_plugins.ldif \ $(NULL) kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy diff --git a/install/share/enable_dirsrv_plugins.ldif b/install/share/enable_dirsrv_plugins.ldif new file mode 100644 index 0000000000..66fc6ba03f --- /dev/null +++ b/install/share/enable_dirsrv_plugins.ldif @@ -0,0 +1,114 @@ +# 7-bit check, plugins, config +dn: cn=7-bit check,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Account Usability Plugin, plugins, config +dn: cn=Account Usability Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# ACL Plugin, plugins, config +dn: cn=ACL Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# ACL preoperation, plugins, config +dn: cn=ACL preoperation,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Auto Membership Plugin, plugins, config +dn: cn=Auto Membership Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Bitwise Plugin, plugins, config +dn: cn=Bitwise Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# chaining database, plugins, config +dn: cn=chaining database,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Class of Service, plugins, config +dn: cn=Class of Service,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# deref, plugins, config +dn: cn=deref,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# HTTP Client, plugins, config +dn: cn=HTTP Client,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Internationalization Plugin, plugins, config +dn: cn=Internationalization Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Linked Attributes, plugins, config +dn: cn=Linked Attributes,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Managed Entries, plugins, config +dn: cn=Managed Entries,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Multimaster Replication Plugin, plugins, config +dn: cn=Multimaster Replication Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Roles Plugin, plugins, config +dn: cn=Roles Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Schema Reload, plugins, config +dn: cn=Schema Reload,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# State Change Plugin, plugins, config +dn: cn=State Change Plugin,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# Views, plugins, config +dn: cn=Views,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + +# whoami, plugins, config +dn: cn=whoami,cn=plugins,cn=config +changetype: modify +replace: nsslapd-pluginenabled +nsslapd-pluginenabled: on + diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 9c15d721fe..acb834f655 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -259,6 +259,7 @@ def __common_setup(self): self.step("stopping directory server", self.__stop_instance) self.step("updating configuration in dse.ldif", self.__update_dse_ldif) self.step("starting directory server", self.__start_instance) + self.step("ensure required 389-ds plugins are enabled", self.__enable_dirsrv_plugins) self.step("adding default schema", self.__add_default_schemas) self.step("enabling memberof plugin", self.__add_memberof_module) self.step("enabling winsync plugin", self.__add_winsync_module) @@ -996,6 +997,9 @@ def __enable_ldapi(self): def __enable_sasl_mapping_fallback(self): self._ldap_mod("sasl-mapping-fallback.ldif", self.sub_dict) + def __enable_dirsrv_plugins(self): + self._ldap_mod("enable_dirsrv_plugins.ldif") + def add_hbac(self): self._ldap_mod("default-hbac.ldif", self.sub_dict)
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
