On 4/14/2010 4:35 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
On 03/30/2010 10:27 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
On 03/23/2010 09:40 PM, Rob Crittenden wrote:
Pavel Zuna wrote:
This is the first in a series of patches that replace all the legacy
v1 code related to LDAP. I did some limited testing of the installer
after this patch and nothing seems to break, but I didn't test
replicas etc.

Pavel

nack. This breaks at least ipa-replica-manage, ipa-replica-prepare,
ipa-server-certinstall and ipa-replica-install.

rob
Fixed patch attached.

Pavel

I'm not sure if you attached the wrong patch or not (it's dated 3/24)
but things are still not working:

# ipa-replica-install replica-info-tiger.example.com.gpg
Directory Manager (existing master) password:

creation of replica failed: 'Env' object has no attribute 'basedn'

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

rob
Sorry for the late reply. Here's a patch that should finally work. I did
a lot more testing, and setting up a replica went smoothly every time.

Pavel

Lots better. I was able to create and manage replicas but
ipa-dns-install isn't working:

# ipa-dns-install

The log file for this installation can be found in
/var/log/ipaserver-install.log
==============================================================================

This program will setup DNS for the FreeIPA Server.

This includes:
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Existing BIND configuration detected, overwrite? [no]: y
Do you wish to configure DNS forwarders? [no]:
No DNS forwarders configured
Directory Manager password:

Unexpected error - see ipaserver-install.log for details:
'API' object has no attribute 'env_host'
Ouch, sorry about that. New patch attached.

Pavel
From 6f1e71d1ad926b827d43c4dbcab768ecaa675389 Mon Sep 17 00:00:00 2001
From: Pavel Zuna <pz...@redhat.com>
Date: Wed, 24 Mar 2010 15:51:31 +0100
Subject: [PATCH] Use ldap2 instead of legacy LDAP code from v1 in installer 
scripts.

---
 install/tools/ipa-compat-manage      |   38 ++++++++++----------
 install/tools/ipa-dns-install        |   18 +++++-----
 install/tools/ipa-fix-CVE-2008-3274  |   63 +++++++++++++++++++--------------
 install/tools/ipa-ldap-updater       |    2 -
 install/tools/ipa-nis-manage         |   44 +++++++++++------------
 install/tools/ipa-replica-install    |   22 ++++++------
 install/tools/ipa-replica-manage     |    8 ++--
 install/tools/ipa-replica-prepare    |   33 ++++++++---------
 install/tools/ipa-server-certinstall |   18 ++++-----
 install/tools/ipa-server-install     |   24 ++++++-------
 ipaserver/plugins/ldap2.py           |   22 +++++-------
 11 files changed, 144 insertions(+), 148 deletions(-)

diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 09a06ca..b22ce77 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -22,12 +22,11 @@
 import sys
 try:
     from optparse import OptionParser
-    from ipaserver import ipaldap
     from ipapython import entity, ipautil, config
     from ipaserver.install import installutils
     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+    from ipaserver.plugins.ldap2 import ldap2
     from ipalib import errors
-    import ldap
     import logging
     import re
     import krbV
@@ -95,26 +94,29 @@ def main():
     else:
         dirman_password = get_dirman_password()
 
+    conn = None
     try:
+        ldapuri = 'ldap://%s' % installutils.get_fqdn()
         try:
-            conn = ipaldap.IPAdmin(installutils.get_fqdn())
-            conn.do_simple_bind(bindpw=dirman_password)
-        except ldap.LDAPError, e:
+            conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+            conn.connect(
+                bind_dn='cn=directory manager', bind_pw=dirman_password
+            )
+        except errors.LDAPError, e:
             print "An error occurred while connecting to the server."
-            print "%s" % e[0]['desc']
+            print e
             return 1
 
         if args[0] == "enable":
             try:
-                conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
-                              ldap.SCOPE_BASE, "(objectclass=*)")
+                conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config')
                 print "Plugin already Enabled"
                 retval = 2
             except errors.NotFound:
                 print "Enabling plugin"
-            except ldap.LDAPError, e:
+            except errors.LDAPError, e:
                 print "An error occurred while talking to the server."
-                print "%s" % e[0]['desc']
+                print e
                 retval = 1
 
             if retval == 0:
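Review bot: `conn` is bound to the ldap2 instance by `conn = ldap2(...)` before `connect()` runs, so when `connect()` raises, the handler returns 1 but the `finally` further down in main() (outside this hunk) still calls `conn.disconnect()` on an object that was never connected; whether that is harmless depends on ldap2.disconnect, which is not on this page, and if it raises it replaces the `return 1` with a traceback. Either bind `conn` only after a successful connect, or guard the cleanup with `if conn and conn.isconnected():` — `isconnected()` is visible in the ldap2.py hunk. The same shape appears in ipa-nis-manage's main(). main() begins and ends outside this hunk.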
@@ -127,17 +129,15 @@ def main():
             # Make a quick hack foir now, directly delete the entries by name,
             # In future we should add delete capabilites to LDAPUpdate
             try:
-                conn.getEntry("cn=Schema Compatibility,cn=plugins,cn=config",
-                              ldap.SCOPE_BASE, "(objectclass=*)")
-                conn.deleteEntry("cn=groups,cn=Schema 
Compatibility,cn=plugins,cn=config")
-                conn.deleteEntry("cn=users,cn=Schema 
Compatibility,cn=plugins,cn=config")
-                conn.deleteEntry("cn=Schema 
Compatibility,cn=plugins,cn=config")
+                conn.delete_entry('cn=groups,cn=Schema 
Compatibility,cn=plugins,cn=config')
+                conn.delete_entry('cn=users,cn=Schema 
Compatibility,cn=plugins,cn=config')
+                conn.delete_entry('cn=Schema 
Compatibility,cn=plugins,cn=config')
             except errors.NotFound:
                 print "Plugin is already disabled"
                 retval = 2
-            except ldap.LDAPError, e:
+            except errors.LDAPError, e:
                 print "An error occurred while talking to the server."
-                print "%s" % e[0]['desc']
+                print e
                 retval = 1
 
         else:
@@ -145,7 +145,7 @@ def main():
 
     finally:
         if conn:
-            conn.unbind()
+            conn.disconnect()
 
     return retval
 
@@ -167,6 +167,6 @@ except config.IPAConfigError, e:
     print "An IPA server to update cannot be found. Has one been configured 
yet?"
     print "The error was: %s" % e
     sys.exit(1)
-except ldap.LDAPError, e:
+except errors.LDAPError, e:
     print "An error occurred while performing operations: %s" % e
     sys.exit(1)
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 0656794..3413312 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -22,13 +22,12 @@
 from optparse import OptionParser
 import traceback
 
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import bindinstance, ntpinstance
 from ipaserver.install.installutils import *
 from ipapython import version
 from ipapython import ipautil, sysrestore
-from ipalib import api, util
-import ldap
+from ipalib import api, errors, util
 
 def parse_options():
     parser = OptionParser(version=version.VERSION)
@@ -134,14 +133,15 @@ def main():
         dm_password = options.dm_password
 
     # Try out the password
+    ldapuri = 'ldap://%s' % api.env.host
     try:
-        conn = ipaldap.IPAdmin(api.env.host)
-        conn.do_simple_bind(bindpw=dm_password)
-        conn.unbind()
-    except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
-        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
-    except ldap.INVALID_CREDENTIALS, e :
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+        conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+        conn.disconnect()
+    except errors.ACIError:
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % 
api.env.host)
+    except errors.LDAPError:
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
 
     conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
 
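Review bot: The wrong-password branch now depends on ldap2.connect() reporting a failed simple bind as `errors.ACIError`, and that mapping is not visible on this page; if a bad Directory Manager password surfaces as some other `errors.LDAPError`, the user is told the server is unreachable rather than that the password is wrong, which is a confusing failure during an install. Worth a comment on the `except errors.ACIError:` line such as `# ldap2 reports a rejected simple bind as ACIError - verify against ldap2.connect`, and worth checking that ACIError is not also a subclass of the `errors.LDAPError` caught below in a way that changes which message wins. The same probe, with the same dependency, is in ipa-replica-install's main() and ipa-replica-prepare's main(). main() begins and ends outside this hunk.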
diff --git a/install/tools/ipa-fix-CVE-2008-3274 
b/install/tools/ipa-fix-CVE-2008-3274
index 79ff904..723d412 100644
--- a/install/tools/ipa-fix-CVE-2008-3274
+++ b/install/tools/ipa-fix-CVE-2008-3274
@@ -25,13 +25,10 @@ try:
     import ipapython.ipautil
 
     import krbV
-    import ldap
-
-    from ldap import LDAPError
-    from ldap import ldapobject
 
+    from ipalib import errors
     from ipaclient import ipachangeconf
-    from ipaserver import ipaldap
+    from ipaserver.plugins.ldap2 import ldap2
 
     from pyasn1.type import univ, namedtype
     import pyasn1.codec.ber.encoder
@@ -70,22 +67,24 @@ def parse_options():
 
 def check_vuln(realm, suffix):
 
+    ldapuri = 'ldap://127.0.0.1'
     try:
-        conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/";)
-        conn.simple_bind()
-        msgid = conn.search("cn="+realm+",cn=kerberos,"+suffix,
-                            ldap.SCOPE_BASE,
-                            "(objectclass=krbRealmContainer)",
-                            ("krbmkey", "cn"))
-        res = conn.result(msgid)
-        conn.unbind()
-
-        if len(res) != 2:
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+        conn.connect()
+        try:
+            (entries, truncated) = conn.find_entries(
+                filter='(objectclass=krbRealmContainer)',
+                attrs_list=('krbmkey', 'cn'), scope=ldap2.SCOPE_BASE,
+                base_dn='cn=%s,cn=kerberos' % realm
+            )
+        except errors.NotFound:
             err = 'Realm Container not found, unable to proceed'
             print err
             raise Exception, err
+        finally:
+            conn.disconnect()
 
-        if 'krbmkey' in res[1][0][1]:
+        if 'krbmkey' in entries[0][1]:
             print 'System vulnerable'
             return 1
         else:
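Review bot: The unauthenticated `conn.connect()` is the point of this check — the condition being probed is presumably that `krbmkey` is readable by an anonymous bind — but nothing says so, and a later maintainer could "fix" it by adding credentials, after which the tool would report every server as vulnerable. Suggest `# Anonymous bind on purpose: the check is whether krbMKey is readable without credentials.` above the `conn.connect()` line. Two further assumptions in the new code are not established here: that `find_entries` resolves the relative `base_dn='cn=%s,cn=kerberos' % realm` against the `base_dn=suffix` given to the constructor (the old code built the absolute DN itself), and that it raises `errors.NotFound` rather than returning an empty list, since `entries[0][1]` is indexed without a length check. If an empty result is possible, `if not entries:` should take the same not-found branch. check_vuln's outer `try` continues past the end of this hunk.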
@@ -185,9 +184,10 @@ def change_mkey(password = None, quiet = False):
         password = getpass.getpass("Directory Manager password: ")
 
     # get a connection to the DS
+    ldapuri = 'ldap://%s' % ipapython.config.config.default_server[0]
     try:
-        conn = ipaldap.IPAdmin(ipapython.config.config.default_server[0])
-        conn.do_simple_bind(bindpw=password)
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+        conn.connect(bind_dn='cn=directory manager', bind_pw=password)
     except Exception, e:
         print "ERROR: Could not connect to the Directory Server on 
"+ipapython.config.config.default_server[0]+" ("+str(e)+")"
         return 1
@@ -298,8 +298,8 @@ def change_mkey(password = None, quiet = False):
         asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
 
         dn = "cn="+realm+",cn=kerberos,"+suffix
-        mod = [(ldap.MOD_REPLACE, 'krbMKey', str(asn1key))]
-        conn.modify_s(dn, mod)
+        mod = {'krbmkey': str(asn1key)}
+        conn.update_entry(dn, mod)
     except Exception, e:
         print "ERROR: Failed to upload the Master Key from the Stash file: 
"+newstashfile+" ("+str(e)+")"
         return 1
@@ -459,16 +459,25 @@ def fix_main(password, realm, suffix):
     krbMKey.setComponentByPosition(1, MasterKey)
     asn1key = pyasn1.codec.ber.encoder.encode(krbMKey)
 
-    dn = "cn=%s,cn=kerberos,%s" % (realm, suffix)
+    dn = 'cn=%s,cn=kerberos' % realm
     sub_dict = dict(REALM=realm, SUFFIX=suffix)
     #protect the master key by adding an appropriate deny rule along with the 
key
-    mod = [(ldap.MOD_ADD, 'aci', 
ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)),
-           (ldap.MOD_REPLACE, 'krbMKey', str(asn1key))]
+    conn = ldap2(
+        shared_instance=False, ldap_uri='ldap://127.0.0.1',
+        base_dn=suffix
+    )
+    conn.connect(bind_dn='cn=directory manager', bind_pw=password)
+
+    (dn, entry_attrs) = conn.get_entry(dn, ['aci'])
+
+    entry_attrs['krbmkey'] = str(asn1key)
+    entry_attrs.setdefault('aci', []).append(
+        ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)
+    )
+
+    conn.update_entry(dn, entry_attrs)
 
-    conn = ldapobject.SimpleLDAPObject("ldap://127.0.0.1/";)
-    conn.simple_bind("cn=Directory Manager", password)
-    conn.modify_s(dn, mod)
-    conn.unbind()
+    conn.disconnect()
 
     print "\n"
     print "This server is now correctly configured and the master-key has been 
changed and secured."
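Review bot: The deny ACI is appended to whatever `aci` values the entry already carries, so running fix_main twice writes the same ACI value twice; the old `MOD_ADD` would have failed loudly on a duplicate, whereas the new read-modify-write either sends a duplicate value to the server or silently succeeds, depending on ldap2.update_entry. Guard the append: `deny_aci = ipapython.ipautil.template_str(KRBMKEY_DENY_ACI, sub_dict)` / `if deny_aci not in entry_attrs.setdefault('aci', []):` / `    entry_attrs['aci'].append(deny_aci)`. Keeping the key write and the ACI in a single `update_entry` call, as done here, is the right shape, since the key should never be committed without its protecting rule; wrapping the get/update in `try: ... finally: conn.disconnect()` would cover the exception path as well. fix_main begins outside this hunk.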
diff --git a/install/tools/ipa-ldap-updater b/install/tools/ipa-ldap-updater
index 97d464c..746cd42 100755
--- a/install/tools/ipa-ldap-updater
+++ b/install/tools/ipa-ldap-updater
@@ -26,11 +26,9 @@
 import sys
 try:
     from optparse import OptionParser
-    from ipaserver import ipaldap
     from ipapython import entity, ipautil, config
     from ipaserver.install import installutils
     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
-    import ldap
     import logging
     import re
     import krbV
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 18a1463..22cfd43 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -22,12 +22,11 @@
 import sys
 try:
     from optparse import OptionParser
-    from ipaserver import ipaldap
     from ipapython import entity, ipautil, config
     from ipaserver.install import installutils
     from ipaserver.install.ldapupdate import LDAPUpdate, BadSyntax, UPDATES_DIR
+    from ipaserver.plugins.ldap2 import ldap2
     from ipalib import errors
-    import ldap
     import logging
 except ImportError:
     print >> sys.stderr, """\
@@ -68,12 +67,9 @@ def get_dirman_password():
 def get_nis_config(conn):
     entry = None
     try:
-        entry = conn.getEntry(nis_config_dn, ldap.SCOPE_BASE, 
"(objectclass=*)")
+        (dn, entry) = conn.get_entry(nis_config_dn)
     except errors.NotFound:
         pass
-    except ldap.LDAPError, e:
-        raise e
-
     return entry
 
 def main():
@@ -103,22 +99,26 @@ def main():
     else:
         dirman_password = get_dirman_password()
 
+    conn = None
     try:
+        ldapuri = 'ldap://%s' % installutils.get_fqdn()
         try:
-            conn = ipaldap.IPAdmin(installutils.get_fqdn())
-            conn.do_simple_bind(bindpw=dirman_password)
-        except ldap.LDAPError, e:
+            conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+            conn.connect(
+                bind_dn='cn=directory manager', bind_pw=dirman_password
+            )
+        except errors.LDAPError, e:
             print "An error occurred while connecting to the server."
-            print "%s" % e[0]['desc']
+            print e
             return 1
 
         if args[0] == "enable":
             entry = None
             try:
                 entry = get_nis_config(conn)
-            except ldap.LDAPError, e:
+            except errors.LDAPError, e:
                 print "An error occurred while talking to the server."
-                print "%s" % e[0]['desc']
+                print e
                 retval = 1
 
             # Enable either the portmap or rpcbind service
@@ -142,27 +142,25 @@ def main():
                     ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
                     retval = ld.update(files)
             else:
-                if entry.getValue('nsslapd-pluginenabled').lower() == "off":
+                if entry.get('nsslapd-pluginenabled', '').lower() == 'off':
                     # Already configured, just enable the plugin
                     print "Enabling plugin"
-                    mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "on")]
-
-                    conn.modify_s(nis_config_dn, mod)
+                    mod = {'nsslapd-pluginenabled': 'on'}
+                    conn.update_entry(nis_config_dn, mod)
                 else:
                     print "Plugin already Enabled"
                     retval = 2
 
         elif args[0] == "disable":
             try:
-                mod = [(ldap.MOD_REPLACE, "nsslapd-pluginenabled", "off")]
-
-                conn.modify_s(nis_config_dn, mod)
+                mod = {'nsslapd-pluginenabled': 'off'}
+                conn.update_entry(nis_config_dn, mod)
             except errors.NotFound:
                 print "Plugin is already disabled"
                 retval = 2
-            except ldap.LDAPError, e:
+            except errors.LDAPError, e:
                 print "An error occurred while talking to the server."
-                print "%s" % e[0]['desc']
+                print e
                 retval = 1
 
         else:
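Review bot: `entry.get('nsslapd-pluginenabled', '').lower()` treats the attribute value as a string, but the `entry_attrs` dicts returned by ldap2 are indexed with `[0]` in ipa-replica-prepare (`entry_attrs.get('ipacertificatesubjectbase', [None])[0]`), which suggests values are lists; if so, `.lower()` raises AttributeError on a configured-but-disabled plugin and the `enable` path can never reach the "just enable the plugin" branch. Confirm against ldap2.get_entry and, if values are lists, use `if entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':`. main() begins and ends outside this hunk.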
@@ -176,7 +174,7 @@ def main():
 
     finally:
         if conn:
-            conn.unbind()
+            conn.disconnect()
 
     return retval
 
@@ -198,6 +196,6 @@ except config.IPAConfigError, e:
     print "An IPA server to update cannot be found. Has one been configured 
yet?"
     print "The error was: %s" % e
     sys.exit(1)
-except ldap.LDAPError, e:
+except errors.LDAPError, e:
     print "An error occurred while performing operations: %s" % e
     sys.exit(1)
diff --git a/install/tools/ipa-replica-install 
b/install/tools/ipa-replica-install
index 4b348f6..da03809 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -23,15 +23,14 @@ import socket
 
 import tempfile, os, pwd, traceback, logging, shutil
 from ConfigParser import SafeConfigParser
-import ldap
 
 from ipapython import ipautil
 
 from ipaserver.install import dsinstance, replication, installutils, 
krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
-from ipalib import api, util
+from ipalib import api, errors, util
 
 CACERT="/usr/share/ipa/html/ca.crt"
 
@@ -300,16 +299,17 @@ def main():
     config.dir = dir
 
     # Try out the password
+    ldapuri = 'ldap://%s' % config.master_host_name
     try:
-        conn = ipaldap.IPAdmin(config.master_host_name)
-        conn.do_simple_bind(bindpw=config.dirman_password)
-        conn.unbind()
-    except ldap.CONNECT_ERROR, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % 
config.master_host_name)
-    except ldap.SERVER_DOWN, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % 
config.master_host_name)
-    except ldap.INVALID_CREDENTIALS, e :
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+        conn.connect(
+            bind_dn='cn=directory manager', bind_pw=config.dirman_password
+        )
+        conn.disconnect()
+    except errors.ACIError:
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % 
config.master_host_name)
+    except errors.LDAPError:
+        sys.exit("\nUnable to connect to LDAP server %s" % 
config.master_host_name)
 
     # Create the management framework config file
     # Note: We must do this before bootstraping and finalizing ipalib.api
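Review bot: The probe binds as `cn=directory manager` with the master's Directory Manager password over a URI hard-coded as plain `ldap://` (the `ldapuri = 'ldap://%s' % config.master_host_name` line), and `config.master_host_name` is a remote host during replica installation; unless ldap2.connect negotiates STARTTLS — not visible on this page — the password crosses the network in the clear. The removed `ipaldap.IPAdmin` path is not on this page either, so whether this is a regression cannot be told here, but it is worth confirming and, if a simple bind over plain LDAP is what happens, switching these probes to `ldaps://` or a TLS-upgraded connection. The same pattern is in ipa-replica-prepare (get_subject_base and main, both with `:389` spelled out) and in ipa-fix-CVE-2008-3274's change_mkey, which connects to `default_server[0]`; the loopback connections in the other tools are unaffected. main() begins and ends outside this hunk.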
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index b85c491..91550be 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -24,10 +24,9 @@ import traceback, logging
 
 from ipapython import ipautil
 from ipaserver.install import replication, dsinstance, installutils
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
-from ipalib import util
-from ipalib import errors
+from ipalib import errors, util
 
 def parse_options():
     from optparse import OptionParser
@@ -73,7 +72,8 @@ def get_realm_name():
     return c.default_realm
 
 def get_suffix():
-    suffix = 
ipaldap.IPAdmin.normalizeDN(util.realm_to_suffix(get_realm_name()))
+    l = ldap2(shared_instance=False, base_dn='')
+    suffix = l.normalize_dn(util.realm_to_suffix(get_realm_name()))
     return suffix
 
 def get_host_name():
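Review bot: Constructing a full `ldap2` backend instance just to call `normalize_dn` is heavier than it looks: per the ldap2.py hunk in this patch, `__init__` resolves `ldap_uri` from `api.env` (falling back to `'ldap://example.com'` when the attribute is missing) and `__del__` calls `isconnected()` on collection. If `normalize_dn` does not depend on instance state — not visible here — a module-level DN helper, or calling it without holding the instance in `l`, would remove get_suffix's dependency on `api` being bootstrapped. The single-letter name `l` is also easily confused with `1` (PEP 8 E741); `conn` or `backend` would read better.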
diff --git a/install/tools/ipa-replica-prepare 
b/install/tools/ipa-replica-prepare
index 1164917..87a3ae4 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -29,11 +29,9 @@ from optparse import OptionParser
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs, 
httpinstance
 from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, 
add_ptr_rr
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
 from ipapython import version
-from ipalib import api
-from ipalib import util
-import ldap
+from ipalib import api, errors, util
 
 def parse_options():
     usage = "%prog [options] FQDN (e.g. replica.example.com)"
@@ -75,14 +73,16 @@ def parse_options():
     return options, args
 
 def get_subject_base(host_name, dm_password, suffix):
+    ldapuri = 'ldap://%s:389' % host_name
     try:
-        conn = ipaldap.IPAdmin(host_name)
-        conn.do_simple_bind(bindpw=dm_password)
-    except Exception, e:
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn=suffix)
+        conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+    except errors.ExecutionError, e:
         logging.critical("Could not connect to the Directory Server on %s" % 
host_name)
         raise e
-    entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, 
ldap.SCOPE_SUBTREE)
-    return entry.getValue('ipacertificatesubjectbase')
+    (dn, entry_attrs) = conn.get_ipa_config()
+    conn.disconnect()
+    return entry_attrs.get('ipacertificatesubjectbase', [None])[0]
 
 def check_ipa_configuration(realm_name):
     config_dir = 
dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
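Review bot: `conn.disconnect()` on the new side runs only when `get_ipa_config()` succeeds; an exception leaves the bound connection to be closed by ldap2's `__del__`, and `raise e` in the connect handler discards the original traceback in Python 2 (a bare `raise` keeps it). Suggest `try:` / `    (dn, entry_attrs) = conn.get_ipa_config()` / `finally:` / `    conn.disconnect()` and a bare `raise`. Catching `errors.ExecutionError` here while the other tools in this patch catch `errors.LDAPError` for the same connect call is also worth reconciling, unless one is known to be the base of the other. ipa-server-install's set_subject_in_config and ipa-server-certinstall's set_ds_cert_name have the same disconnect-outside-finally shape.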
@@ -236,16 +236,15 @@ def main():
             sys.exit(0)
 
     # Try out the password
+    ldapuri = 'ldap://%s:389' % api.env.host
     try:
-        conn = ipaldap.IPAdmin(api.env.host)
-        conn.do_simple_bind(bindpw=dirman_password)
-        conn.unbind()
-    except ldap.CONNECT_ERROR, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
-    except ldap.SERVER_DOWN, e:
-        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
-    except ldap.INVALID_CREDENTIALS, e :
+        conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+        conn.connect(bind_dn='cn=directory manager', bind_pw=dirman_password)
+        conn.disconnect()
+    except errors.ACIError:
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % 
api.env.host)
+    except errors.LDAPError:
+        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
 
     print "Preparing replica for %s from %s" % (replica_fqdn, api.env.host)
 
diff --git a/install/tools/ipa-server-certinstall 
b/install/tools/ipa-server-certinstall
index d02dbbb..d853f71 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -25,13 +25,13 @@ import tempfile
 
 import traceback
 
-import krbV, ldap, getpass
+import krbV, getpass
 
 from ipapython.ipautil import user_input
 
-from ipaserver import ipaldap
 from ipaserver.install import certs, dsinstance, httpinstance, installutils
 from ipalib import api
+from ipaserver.plugins.ldap2 import ldap2
 
 def get_realm_name():
     c = krbV.default_context()
@@ -64,14 +64,12 @@ def parse_options():
     return options, args[0]
 
 def set_ds_cert_name(cert_name, dm_password):
-    conn = ipaldap.IPAdmin("127.0.0.1")
-    conn.simple_bind_s("cn=directory manager", dm_password)
-
-    mod = [(ldap.MOD_REPLACE, "nsSSLPersonalitySSL", cert_name)]
-
-    conn.modify_s("cn=RSA,cn=encryption,cn=config", mod)
-
-    conn.unbind()
+    ldapuri = 'ldap://127.0.0.1'
+    conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
+    conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+    mod = {'nssslpersonalityssl': cert_name}
+    conn.update_entry('cn=RSA,cn=encryption,cn=config', mod)
+    conn.disconnect()
 
 def choose_server_cert(server_certs):
     print "Please select the certificate to use:"
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 314adf1..f0c3add 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -35,7 +35,6 @@ import signal
 import shutil
 import glob
 import traceback
-import ldap
 from optparse import OptionParser
 from ConfigParser import RawConfigParser
 import random
@@ -51,11 +50,11 @@ from ipaserver.install import cainstance
 from ipaserver.install import service
 from ipapython import version
 from ipaserver.install.installutils import *
-from ipaserver import ipaldap
+from ipaserver.plugins.ldap2 import ldap2
 
 from ipapython import sysrestore
 from ipapython.ipautil import *
-from ipalib import api, util
+from ipalib import api, errors, util
 
 import ipawebui
 
@@ -411,19 +410,18 @@ def render_assets():
     ui.render_assets()
 
 def set_subject_in_config(host_name, dm_password, suffix, subject_base):
+        ldapuri = 'ldap://%s' % host_name
         try:
-            conn = ipaldap.IPAdmin(host_name)
-            conn.do_simple_bind(bindpw=dm_password)
-        except Exception, e:
+            conn = ldap2(shared_instance=False, ldap_uri=ldapuri, 
base_dn=suffix)
+            conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+        except errors.ExecutionError, e:
             logging.critical("Could not connect to the Directory Server on %s" 
% host_name)
             raise e
-        entry = conn.getEntry("cn=ipaConfig, cn=etc, %s" % suffix, 
ldap.SCOPE_SUBTREE)
-        if entry.getValue('ipaCertificateSubjectBase') is None:
-            newentry = entry.toDict()
-            newentry['ipaCertificateSubjectBase'] = subject_base
-            conn.updateEntry(entry.dn, entry.toDict(), newentry)
-
-        conn.unbind()
+        (dn, entry_attrs) = conn.get_ipa_config()
+        if 'ipacertificatesubjectbase' not in entry_attrs:
+            mod = {'ipacertificatesubjectbase': subject_base}
+            conn.update_entry(dn, mod)
+        conn.disconnect()
 
 def main():
     global ds
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 84a9178..33b85f3 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -219,19 +219,15 @@ class ldap2(CrudBackend, Encoder):
         self.encoder_settings.decode_dict_vals_table = self._SYNTAX_MAPPING
         self.encoder_settings.decode_dict_vals_table_keygen = get_syntax
         self.encoder_settings.decode_postprocessor = lambda x: string.lower(x)
-        if ldap_uri is None:
-            self.ldap_uri = api.env.ldap_uri
-        else:
-            self.ldap_uri = ldap_uri
-        if base_dn is None:
-            self.base_dn = api.env.basedn
-        else:
-            self.base_dn = base_dn
-        if schema is None:
-            self.schema = _schema
-        else:
-            self.schema = schema
-
+        try:
+            self.ldap_uri = ldap_uri or api.env.ldap_uri
+        except AttributeError:
+            self.ldap_uri = 'ldap://example.com'
+        try:
+            self.base_dn = base_dn or api.env.basedn
+        except AttributeError:
+            self.base_dn = ''
+        self.schema = schema or _schema
 
     def __del__(self):
         if self.isconnected():
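Review bot: The new `AttributeError` fallback silently points an unconfigured backend at `'ldap://example.com'`, a public domain: a script that instantiates ldap2 before `api` is bootstrapped (the `'Env' object has no attribute 'basedn'` failure quoted earlier in this thread is exactly that situation) would, on a later `connect()`, send its bind — possibly carrying the Directory Manager password — off-host instead of failing locally. Leave `self.ldap_uri = None` in that branch and let `connect()` fail, or raise from `__init__`. Separately, `ldap_uri or api.env.ldap_uri` and `base_dn or api.env.basedn` differ from the removed `is None` tests: several callers in this patch pass `base_dn=''` explicitly and now receive `api.env.basedn` whenever it is set, so if `''` was meant as "no base DN" the fallback must be `base_dn if base_dn is not None else api.env.basedn`. The enclosing `__init__` begins outside this hunk, and the hunk ends inside `__del__`.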
-- 
1.6.6
