Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On 09/18/2012 11:21 AM, Tomas Babej wrote: On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas Good job, SSSD uninstall process now looks more consistent and better documented. I just found the following (mainly minor) issues. Comments in the patch: diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): Function names should be lowercase - delete_ipa_domain +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None Variables should be lowercase - ipa_domain_name + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: Do not use != with None, True, False - use is not None. +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) There should be full path to sssd.conf in this error message. It is very useful sometimes. + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() -if len(domains) 1: +all_domains = sssdconfig.list_domains() + +# we consider all the domains, because handling sssd.conf +# during uninstall is dependant on was_sssd_configured flag +# so the user does not lose info about inactive domains +if len(all_domains) 1: # There was more than IPA domain configured was_sssd_configured = True for name in domains: @@ -349,6 +384,62 @@ def uninstall(options, env): Failed to remove krb5/LDAP configuration: %s, str(e)) return
Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On 09/20/2012 02:42 PM, Martin Kosek wrote: On 09/18/2012 11:21 AM, Tomas Babej wrote: On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas Good job, SSSD uninstall process now looks more consistent and better documented. I just found the following (mainly minor) issues. Comments in the patch: diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): Function names should be lowercase - delete_ipa_domain +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None Variables should be lowercase - ipa_domain_name + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: Do not use != with None, True, False - use is not None. +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) There should be full path to sssd.conf in this error message. It is very useful sometimes. + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() -if len(domains) 1: +all_domains = sssdconfig.list_domains() + +# we consider all the domains, because handling sssd.conf +# during uninstall is dependant on was_sssd_configured flag +# so the user does not lose info about inactive domains +if len(all_domains) 1: # There was more than IPA domain configured was_sssd_configured = True for name in domains: @@ -349,6 +384,62 @@ def uninstall(options, env): Failed to remove krb5/LDAP configuration: %s, str(e)) return CLIENT_INSTALL_ERROR +# Next if-elif-elif
Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On Thu, 2012-09-20 at 16:20 +0200, Tomas Babej wrote: On 09/20/2012 02:42 PM, Martin Kosek wrote: On 09/18/2012 11:21 AM, Tomas Babej wrote: On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas Good job, SSSD uninstall process now looks more consistent and better documented. I just found the following (mainly minor) issues. Comments in the patch: diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): Function names should be lowercase - delete_ipa_domain +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None Variables should be lowercase - ipa_domain_name + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: Do not use != with None, True, False - use is not None. +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) There should be full path to sssd.conf in this error message. It is very useful sometimes. + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() -if len(domains) 1: +all_domains = sssdconfig.list_domains() + +# we consider all the domains, because handling sssd.conf +# during uninstall is dependant on was_sssd_configured flag +# so the user does not lose info about inactive domains +if len(all_domains) 1: # There was more
Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On 09/12/2012 05:29 PM, Martin Kosek wrote: On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas Good job, SSSD uninstall process now looks more consistent and better documented. I just found the following (mainly minor) issues. Comments in the patch: diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): Function names should be lowercase - delete_ipa_domain +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None Variables should be lowercase - ipa_domain_name + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: Do not use != with None, True, False - use is not None. +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) There should be full path to sssd.conf in this error message. It is very useful sometimes. + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() -if len(domains) 1: +all_domains = sssdconfig.list_domains() + +# we consider all the domains, because handling sssd.conf +# during uninstall is dependant on was_sssd_configured flag +# so the user does not lose info about inactive domains +if len(all_domains) 1: # There was more than IPA domain configured was_sssd_configured = True for name in domains: @@ -349,6 +384,62 @@ def uninstall(options, env): Failed to remove krb5/LDAP configuration: %s, str(e)) return CLIENT_INSTALL_ERROR +# Next if-elif-elif construction deals with sssd.conf file. +# Old pre-IPA domains are preserved due merging the old sssd.conf +#
Re: [Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On 08/29/2012 02:54 PM, Tomas Babej wrote: On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas Good job, SSSD uninstall process now looks more consistent and better documented. I just found the following (mainly minor) issues. Comments in the patch: diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): Function names should be lowercase - delete_ipa_domain +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None Variables should be lowercase - ipa_domain_name + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: Do not use != with None, True, False - use is not None. +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) There should be full path to sssd.conf in this error message. It is very useful sometimes. + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() -if len(domains) 1: +all_domains = sssdconfig.list_domains() + +# we consider all the domains, because handling sssd.conf +# during uninstall is dependant on was_sssd_configured flag +# so the user does not lose info about inactive domains +if len(all_domains) 1: # There was more than IPA domain configured was_sssd_configured = True for name in domains: @@ -349,6 +384,62 @@ def uninstall(options, env): Failed to remove krb5/LDAP configuration: %s, str(e)) return CLIENT_INSTALL_ERROR +# Next if-elif-elif construction deals with sssd.conf file. +# Old pre-IPA domains are preserved due merging the old sssd.conf +# during the installation of
[Freeipa-devel] [PATCH 0006] Improves sssd.conf handling during ipa-client uninstall
On 08/27/2012 04:55 PM, Martin Kosek wrote: On 08/27/2012 03:37 PM, Jakub Hrozek wrote: On Mon, Aug 27, 2012 at 02:57:44PM +0200, Martin Kosek wrote: I think that the right behavior of SSSD conf uninstall should be the following: * sssd.conf existed before IPA install + non-IPA domains in sssd.conf found: - move backed conf up sssd.conf.bkp (and inform the user) - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf - restart sssd afterwards I'm confused here, which of the files is the original pre-ipa-client-install file? This is the backed up sssd.conf. I thought that it may be useful for user to still have an access to it after uninstall. How does the non-ipa domain end up in the sssd.conf file? Does it have to be configured manually or does ipa-client-install merge the list of domains on installation? ipa-client-install merge the list of the domains. It overrides the old sssd.conf only when we cannot parse the sssd.conf and --preserve-sssd option was not set. Martin Hi, The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 Tomas From fac8d676d2e727977a8a52bdd2990eb2839b54c4 Mon Sep 17 00:00:00 2001 From: Tomas Babej tba...@redhat.com Date: Fri, 17 Aug 2012 08:56:45 -0400 Subject: [PATCH] Improves sssd.conf handling during ipa-client uninstall The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes behind the scope of this ticked and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740 --- ipa-client/ipa-install/ipa-client-install | 107 +- 1 file changed, 92 insertions(+), 15 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 2e65921e8de2dfe68443f5b5875954d71dd48ed2..c5cef15e1fb3a3e1d7cfd070f4288d3839accfc8 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -183,6 +183,36 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_IPA_domain(): +sssd = ipaservices.service('sssd') +try: +sssdconfig = SSSDConfig.SSSDConfig() +sssdconfig.import_config() +domains = sssdconfig.list_active_domains() + +IPA_domain_name = None + +for name in domains: +domain = sssdconfig.get_domain(name) +try: +provider = domain.get_option('id_provider') +if provider == ipa: +IPA_domain_name = name +break +except SSSDConfig.NoOptionError: +continue + +if IPA_domain_name != None: +sssdconfig.delete_domain(IPA_domain_name) +sssdconfig.write() +else: +root_logger.warning(IPA domain could not be found in + +sssd.conf and therefore not deleted) +except IOError: +root_logger.warning(IPA domain could not be deleted. No access to the sssd.conf file.) + def uninstall(options, env): if not fstore.has_files(): @@ -212,7 +242,12 @@ def uninstall(options, env): sssdconfig =