On 29.07.2011 14:13, Martin Kosek wrote:
> On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote:
>> Hi,
>>
>> another attempt to refine error/configuration reporting when configuring
>> the means to access LDAP on a client. The previous one tried to use rpm to
>> find out the package name, but this approach avoids package names. Instead,
>> it tries to report the configuration file.
>>
>> Ticket https://fedorahosted.org/freeipa/ticket/1369
> 
> NACK.
> 
> 1) Return info from LDAP config functions gets overwritten:
> 
> if not options.sssd:
>         (retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn, 
> cli_realm, cli_domain, cli_server, dnsok, options)
>         if retcode:
>             return 1
>         (retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn, 
> cli_realm, cli_domain, cli_server, dnsok, options)
>         if retcode:
>             return 1
> 
> Only one function will do the real configuration, in my case it was the
> configure_ldap_conf (nslcd was not installed). Due to the overwrite, my
> ipa-client-install reported invalid information:
Yes, fixed.

> # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com 
> --domain=idm.lab.bos.redhat.com --no-sssd
> ...
> LDAP enabled
> Kerberos 5 enabled
> NSLCD configured using configuration file /etc/nslcd.conf   <<<<
> Unable to use DNS discovery! Recognized configuration: NSLCD
> Changing configuration of /etc/ldap.conf to use hardcoded server name: 
> vm-059.idm.lab.bos.redhat.com
> NTP enabled
> Client configuration complete.
> 
> We need to indicate in the return triple that the service was not
> configured so that we output correct information.
I did this now by returning None: return (0, None, None).

> 2) Returning tuple instead of triple (will raise exception when used):
> 
> -            return 1
> +            return (1, 'nslcd')
> 
> Plus, NSLCD is referred in upper case in other return statements.
Fixed.

Version 3 attached.
-- 
/ Alexander Bokovoy
From c2ebbee6c1796874a44a735a843a9453ccaaf4bf Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <[email protected]>
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: [PATCH] Make proper LDAP configuration reporting for
 ipa-client-install

Ticket https://fedorahosted.org/freeipa/ticket/1369
---
 ipa-client/ipa-install/ipa-client-install |   29 +++++++++++++++++------------
 1 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install 
b/ipa-client/ipa-install/ipa-client-install
index 
2e1a28ca087dee9eea04ccc55557a9e6e4f8ce89..5847fea1d3e26bdd0c6182ab0ecf3d19ab0f69bc
 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -336,6 +336,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server, d
 
     opts.append({'name':'empty', 'type':'empty'})
 
+    ret = (0, None, None)
     # Depending on the release and distribution this may exist in any
     # number of different file names, update what we find
     for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', 
'/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -343,11 +344,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server, d
             try:
                 fstore.backup_file(filename)
                 ldapconf.newConf(filename, opts)
+                return (0, 'LDAP', filename)
             except Exception, e:
                 print "Creation of %s: %s" % (filename, str(e))
-                return 1
+                return (1, 'LDAP', filename)
 
-    return 0
+    return ret
 
 def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, 
cli_server, dnsok, options):
     nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
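Review bot: The added `return (0, 'LDAP', filename)` inside the `try` leaves the loop after the first file that is written, so the remaining names in the list (`/etc/nss_ldap.conf`, `/etc/libnss-ldap.conf`, `/etc/pam_ldap.conf`) are no longer updated, although the comment above the loop says to update whatever is found. A host that has more than one of these files could be left with NSS and PAM LDAP settings that disagree. Recording the result with `ret = (0, 'LDAP', filename)` and letting the loop continue keeps the old behaviour, and it gives `return ret` a purpose, since `ret` is never reassigned as written. The condition guarding the `try` is outside the hunk.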
@@ -379,7 +381,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server,
             nslcdconf.newConf('/etc/nslcd.conf', opts)
         except Exception, e:
             print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
-            return 1
+            return (1, None, None)
 
     if ipautil.service_is_installed('nslcd'):
         try:
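Review bot: The triples returned by configure_nslcd_conf do not always match what was actually done. The failure path here returns `(1, None, None)` while configure_ldap_conf returns `(1, 'LDAP', filename)` for the same situation; `return (1, 'NSLCD', '/etc/nslcd.conf')` would be consistent. In the next hunk a failure to enable the daemon is only logged and, as far as the hunk shows, execution still reaches `return (0, 'NSLCD', '/etc/nslcd.conf')`, so main() reports NSLCD as configured for a service that may not be running. The `else` branch there returns `(0, None, None)` even if `/etc/nslcd.conf` was written earlier in the function. Parts of the function body lie between the hunks and are not shown.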
@@ -394,8 +396,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server,
             logging.error("Failed to enable automatic startup of the NSLCD 
daemon: %s" % str(e))
     else:
         logging.debug("NSLCD daemon is not installed, skip configuration")
+        return (0, None, None)
 
-    return 0
+    return (0, 'NSLCD', '/etc/nslcd.conf')
 
 def hardcode_ldap_server(cli_server):
     """
@@ -945,7 +948,8 @@ def main():
 
     else:
         # this is optional service, just log
-        logging.info("NSCD daemon is not installed, skip configuration")
+        if not options.sssd:
+            logging.info("NSCD daemon is not installed, skip configuration")
 
     # Modify nsswitch/pam stack
     if options.sssd:
@@ -967,11 +971,12 @@ def main():
     # Update non-SSSD LDAP configuration after authconfig calls as it would
     # change its configuration otherways
     if not options.sssd:
-        if configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, 
cli_server, dnsok, options):
-            return 1
-        if configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, 
cli_server, dnsok, options):
-            return 1
-        print "LDAP configured"
+        for configurer in [configure_ldap_conf, configure_nslcd_conf]:
+            (retcode, conf, filename) = configurer(fstore, cli_basedn, 
cli_realm, cli_domain, cli_server, dnsok, options)
+            if retcode:
+                return 1
+            if conf:
+                print "%s configured using configuration file %s" % (conf, 
filename)
 
     #Check that nss is working properly
     if not options.on_master:
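Review bot: `conf` and `filename` are rebound on every pass of the loop, so afterwards they hold only the result of configure_nslcd_conf, which is `None` when nslcd is not installed. The last hunk then formats `conf` into the "Recognized configuration: %s" message, which would print `None` in that case. `conf` is also not bound at all when `options.sssd` is set, so that line would raise NameError if it can be reached with SSSD (the guarding code is outside the hunks). Collecting the names avoids both: `configured = []` before the `if not options.sssd:` block, `configured.append(conf)` under `if conf:`, and `", ".join(configured)` in the later message.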
@@ -989,8 +994,8 @@ def main():
                 n = n + 1
 
         if not found:
-            print "nss_ldap is not able to use DNS discovery!"
-            print "Changing configuration to use hardcoded server name: " 
+cli_server
+            print "Unable to use DNS discovery! Recognized configuration: %s" 
% (conf)
+            print "Changing configuration of /etc/ldap.conf to use hardcoded 
server name: " +cli_server
 
             try:
                 hardcode_ldap_server(cli_server)
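Review bot: The new message names `/etc/ldap.conf` unconditionally, but configure_ldap_conf may have written any of four file names and returns the one it used. If hardcode_ldap_server edits a different file on a given distribution (its body is outside the hunk), the message points the administrator at the wrong file. Keeping the `filename` returned by the LDAP configurer and printing it here, or dropping the path from the message, would keep the output accurate.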
-- 
1.7.6
