On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063

In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure.



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions.

https://fedorahosted.org/freeipa/ticket/2063

In order to check presence of nss_ldap or nss-pam-ldapd when installing client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.

In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files.
They are not checking existence of above mentioned files anymore.

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

From 82483a006bd99ce4d021b7b93ab7e828cb788c7a Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Mon, 14 Nov 2011 16:45:36 +0100
Subject: [PATCH] Client install checks for nss_ldap

In order to check presence of nss_ldap or nss-pam-ldapd when installing client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap
module and hence the presence of it is checked by looking for 'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the function
returns tuple containing return code and dictionary structure - its key is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.

In order to fit the returned values, the functions configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of existing files.
They are not checking existence of above mentioned files anymore.

https://fedorahosted.org/freeipa/ticket/2063
---
 ipa-client/ipa-install/ipa-client-install |   60 ++++++++++++++++++++---------
 1 files changed, 42 insertions(+), 18 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index cdea6dbe6fbbdca608ad8e858cf9fa042f7de9d1..65537da21890365e29370f9af76edf93317b5154 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -402,6 +402,26 @@ def uninstall(options, env, quiet=False):
 
     return 0
 
+def nssldap_exists():
+    files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']},
+                      {'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}]
+    files_found = {}
+    retval = 1
+
+    for function in files_to_check:
+        files_found[function['function']]=[]
+        for file_type in ['mandatory','optional']:
+            try:
+                for filename in function[file_type]:
+                    if file_exists(filename):
+                        files_found[function['function']].append(filename)
+                        if file_type == 'mandatory':
+                            retval = 0
+            except KeyError:
+                pass
+
+    return (retval, files_found)
+
 def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
     ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     ipaconf.setOptionAssignment(" = ")
@@ -428,7 +448,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
 
     return 0
 
-def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
     ldapconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     ldapconf.setOptionAssignment(" ")
 
@@ -459,24 +479,21 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
     opts.append({'name':'empty', 'type':'empty'})
 
     ret = (0, None, None)
-    files = []
     # Depending on the release and distribution this may exist in any
     # number of different file names, update what we find
-    for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
-        if file_exists(filename):
-            try:
-                fstore.backup_file(filename)
-                ldapconf.newConf(filename, opts)
-                files.append(filename)
-            except Exception, e:
-                print "Creation of %s: %s" % (filename, str(e))
-                return (1, 'LDAP', filename)
+    for filename in files:
+        try:
+            fstore.backup_file(filename)
+            ldapconf.newConf(filename, opts)
+        except Exception, e:
+            print "Creation of %s: %s" % (filename, str(e))
+            return (1, 'LDAP', filename)
 
     if files:
         return (0, 'LDAP', ', '.join(files))
     return ret
 
-def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options):
+def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, files):
     nslcdconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
     nslcdconf.setOptionAssignment(" ")
 
@@ -500,12 +517,12 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
 
     opts.append({'name':'empty', 'type':'empty'})
 
-    if file_exists('/etc/nslcd.conf'):
+    for filename in files:
         try:
-            fstore.backup_file('/etc/nslcd.conf')
-            nslcdconf.newConf('/etc/nslcd.conf', opts)
+            fstore.backup_file(filename)
+            nslcdconf.newConf(filename, opts)
         except Exception, e:
-            print "Creation of %s: %s" % ('/etc/nslcd.conf', str(e))
+            print "Creation of %s: %s" % (filename, str(e))
             return (1, None, None)
 
     nslcd = ipaservices.knownservices.nslcd
@@ -524,7 +541,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server,
         logging.debug("%s daemon is not installed, skip configuration" % (nslcd.service_name))
         return (0, None, None)
 
-    return (0, 'NSLCD', '/etc/nslcd.conf')
+    return (0, 'NSLCD', ''.join(files))
 
 def hardcode_ldap_server(cli_server):
     """
@@ -870,6 +887,13 @@ def install(options, env, fstore, statestore):
         print 'Invalid hostname \'%s\', must be lower-case.' % hostname
         return CLIENT_INSTALL_ERROR
 
+    # when installing with '--no-sssd' option, check whether nss-ldap is installed
+    if not options.sssd:
+        (retcode, nosssd_files) = nssldap_exists()
+        if retcode:
+            print "'nss_ldap' or 'nss-pam-ldapd' package is not installed. One of these packages must be installed."
+            return CLIENT_INSTALL_ERROR
+
     # Create the discovery instance
     ds = ipadiscovery.IPADiscovery()
 
@@ -1202,7 +1226,7 @@ def install(options, env, fstore, statestore):
     # change its configuration otherways
     if not options.sssd:
         for configurer in [configure_ldap_conf, configure_nslcd_conf]:
-            (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
+            (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options, nosssd_files[configurer.__name__])
             if retcode:
                 return CLIENT_INSTALL_ERROR
             if conf:
-- 
1.7.6.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to