Make ipa-compat-manage work again after the changes to ipa-nis-manage I've done in patch 32.

(this also fixes https://fedorahosted.org/freeipa/ticket/1147)

Honza

--
Jan Cholasta
>From 007a87ca336a6d8cfcf032724f1ab9dda286964e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Thu, 21 Jul 2011 16:00:27 +0200
Subject: [PATCH] Fix ipa-compat-manage not working after recent
 ipa-nis-manage change.

ticket 1147
---
 install/tools/ipa-compat-manage |  106 ++++++++++++++++++++++++---------------
 install/tools/ipa-nis-manage    |    2 +-
 2 files changed, 66 insertions(+), 42 deletions(-)

diff --git a/install/tools/ipa-compat-manage b/install/tools/ipa-compat-manage
index 1203b00..a176bb5 100755
--- a/install/tools/ipa-compat-manage
+++ b/install/tools/ipa-compat-manage
@@ -37,7 +37,8 @@ error was:
 """ % sys.exc_value
     sys.exit(1)
 
-netgroup_compat_dn = "cn=ng,cn=Schema Compatibility,cn=plugins,cn=config"
+compat_dn = "cn=Schema Compatibility,cn=plugins,cn=config"
+nis_config_dn = "cn=NIS Server,cn=plugins,cn=config"
 
 def parse_options():
     usage = "%prog [options] <enable|disable>\n"
@@ -64,6 +65,18 @@ def get_dirman_password():
 
     return password
 
+def get_entry(dn, conn):
+    """
+    Return the entry for the given DN. If the entry is not found return
+    None.
+    """
+    entry = None
+    try:
+        (dn, entry) = conn.get_entry(dn, normalize=False)
+    except errors.NotFound:
+        pass
+    return entry
+
 def main():
     retval = 0
     loglevel = logging.ERROR
@@ -104,68 +117,79 @@ def main():
             sys.exit("Authentication failed: %s" % e.info)
 
         if args[0] == "status":
+            entry = None
             try:
-                conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-                print "Plugin Enabled"
-            except errors.NotFound:
-                print "Plugin Disabled" 
+                entry = get_entry(compat_dn, conn)
+                if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
+                    print "Plugin Enabled"
+                else:
+                    print "Plugin Disabled" 
             except errors.LDAPError, lde:
                 print "An error occurred while talking to the server."
                 print lde
-            return 0
 
         if args[0] == "enable":
+            entry = None
             try:
-                conn.get_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-                print "Plugin already Enabled"
-                retval = 2
-            except errors.NotFound:
-                print "Enabling plugin"
+                entry = get_entry(compat_dn, conn)
+                if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
+                    print "Plugin already Enabled"
+                    retval = 2                
+                else:
+                    print "Enabling plugin"
+
+                    if entry is None:
+                        ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
+                        if not ld.update(files):
+                            print "Updating Directory Server failed."
+                            retval = 1
+                    else:
+                        mod = {'nsslapd-pluginenabled': 'on'}
+                        conn.update_entry(compat_dn, mod, normalize=False)
             except errors.ExecutionError, lde:
                 print "An error occurred while talking to the server."
                 print lde
                 retval = 1
 
-            if retval == 0:
-                ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
-                rv = ld.update(files)
-                if rv:
-                    print "This setting will not take effect until you restart Directory Server."
-                else:
-                    print "Updating Directory Server failed."
-                    retval = 1
-
         elif args[0] == "disable":
-            # We can't disable schema compat if the NIS plugin is enabled
-            try:
-                conn.get_entry(netgroup_compat_dn, normalize=False)
-                print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility."
-                print >>sys.stderr, "Run 'ipa-nis-manage disable' first."
-                sys.exit(2)
-            except errors.NotFound:
-                pass
-            # Make a quick hack for now, directly delete the entries by name,
-            # In future we should add delete capabilites to LDAPUpdate
+            entry = None
             try:
-                conn.delete_entry('cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-                conn.delete_entry('cn=groups,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-                conn.delete_entry('cn=users,cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-                conn.delete_entry('cn=Schema Compatibility,cn=plugins,cn=config', normalize=False)
-            except errors.NotFound:
-                print "Plugin is already disabled"
-                retval = 2
-            except errors.DatabaseError, dbe:
-                print "An error occurred while talking to the server."
-                print dbe
-                retval = 1
+                entry = get_entry(nis_config_dn, conn)
+                # We can't disable schema compat if the NIS plugin is enabled
+                if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
+                    print >>sys.stderr, "The NIS plugin is configured, cannot disable compatibility."
+                    print >>sys.stderr, "Run 'ipa-nis-manage disable' first."
+                    retval = 2
             except errors.ExecutionError, lde:
                 print "An error occurred while talking to the server."
                 print lde
                 retval = 1
 
+            if retval == 0:
+                entry = None
+                try:
+                    entry = get_entry(compat_dn, conn)
+                    if entry is None or entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
+                        print "Plugin is already disabled"
+                        retval = 2
+                    else:
+                        mod = {'nsslapd-pluginenabled': 'off'}
+                        conn.update_entry(compat_dn, mod, normalize=False)
+                except errors.DatabaseError, dbe:
+                    print "An error occurred while talking to the server."
+                    print dbe
+                    retval = 1
+                except errors.ExecutionError, lde:
+                    print "An error occurred while talking to the server."
+                    print lde
+                    retval = 1
+
         else:
             retval = 1
 
+        if retval == 0:
+            print "This setting will not take effect until you restart Directory Server."
+
     finally:
         if conn and conn.isconnected():
             conn.disconnect()
diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage
index 3625ae0..d875f96 100755
--- a/install/tools/ipa-nis-manage
+++ b/install/tools/ipa-nis-manage
@@ -131,7 +131,7 @@ def main():
 
         if args[0] == "enable":
             compat = get_entry(compat_dn, conn)
-            if compat is None:
+            if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
                 sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
             entry = None
             try:
-- 
1.7.4.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to