Hi,

since the default range for the local domain is now created during
updates, it is no longer necessary to have duplicated code in
adtrustinstance.py. Instead of trying to create a new range, the code now
only makes some sanity checks.

bye,
Sumit
From 27616076953028a6ad11977c68e86344d7bca665 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 2 Jul 2012 18:19:38 +0200
Subject: [PATCH] Only check local ID range during ipa-adtrust-install

Since the local ID range is now added during the update process, it does
not have to be created during ipa-adtrust-install. To be on the safe
side, we keep some checks for consistency.
---
 install/tools/ipa-adtrust-install    |    2 +-
 ipaserver/install/adtrustinstance.py |   74 +++++++++++++++++-----------------
 2 Dateien geändert, 39 Zeilen hinzugefügt(+), 37 Zeilen entfernt(-)

diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 6678018e6346d75d5042894cfb833d38079d3f21..d34f0ebde54ed3bbcfed73a65e99bae832f2b0bc 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -215,7 +215,7 @@ def main():
     smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain,
               netbios_name, options.rid_base, options.secondary_rid_base,
               options.no_msdcs)
-    smb.find_local_id_range()
+    smb.check_local_id_range()
     smb.create_instance()
 
     print """
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index 20feec4df309b5793aa1c29fdf18bc5bfe180943..889e5e2e295eacde962ec95d1ec4ee9557d19265 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -487,49 +487,51 @@ class ADTRUSTInstance(service.Service):
 
         self.__setup_sub_dict()
 
-    def find_local_id_range(self):
+    def check_local_id_range(self):
+        """
+        Look for a ID range of the local domain and check if all used IDs are
+        coming from this range. If more than one range is found we assume that
+        the configuration is valid, because there are already manually added
+        ranges. Additionally we assume the range is valid if the RID
+        attributes are set.
+        """
         self.ldap_connect()
 
-        if self.admin_conn.search_s(str(DN(api.env.container_ranges,
-                                           self.suffix)),
-                                    ldap.SCOPE_ONELEVEL,
-                                    "objectclass=ipaDomainIDRange"):
-            return
-
         try:
-            entry = self.admin_conn.getEntry(str(DN(('cn', 'admins'),
-                                                    api.env.container_group,
-                                                    self.suffix)),
-                                             ldap.SCOPE_BASE)
-        except errors.NotFound:
-            raise ValueError("No local ID range and no admins group found.\n" \
+            entries = self.admin_conn.search_s(str(DN(api.env.container_ranges,
+                                                      self.suffix)),
+                                               ldap.SCOPE_ONELEVEL,
+                                               "objectclass=ipadomainidrange")
+        except ldap.NO_SUCH_OBJECT:
+            raise ValueError("Ranges container does not exists.\n" \
+                             "Please upgrade to IPAv3 or later and try again!")
+
+        if not entries:
+            raise ValueError("No local ID range found.\n" \
                              "Add local ID range manually and try again!")
 
-        base_id = int(entry.getValue('gidNumber'))
-        id_range_size = 200000
+        if len(entries) == 1:
+            if (entries[0].getValue('ipaBaseRID') or
+                entries[0].getValue('ipaSecondaryBaseRID')):
+                return
 
-        id_filter = "(&" \
-                      "(|(objectclass=posixAccount)" \
-                        "(objectclass=posixGroup)" \
-                        "(objectclass=ipaIDObject))" \
-                      "(|(uidNumber<=%d)(uidNumber>=%d)" \
-                        "(gidNumber<=%d)(gidNumner>=%d)))" % \
-                     ((base_id - 1), (base_id + id_range_size),
-                      (base_id - 1), (base_id + id_range_size))
-        if self.admin_conn.search_s("cn=accounts," + self.suffix,
-                                   ldap.SCOPE_SUBTREE, id_filter):
-            raise ValueError("There are objects with IDs out of the expected" \
-                             "range.\nAdd local ID range manually and try " \
-                             "again!")
+            base_id = int(entries[0].getValue('ipabaseid'))
+            id_range_size = int(entries[0].getValue('ipaidrangesize'))
 
-        entry = ipaldap.Entry(str(DN(('cn', ('%s_id_range' % self.realm_name)),
-                                     api.env.container_ranges,
-                                     self.suffix)))
-        entry.setValue('objectclass', 'ipaDomainIDRange')
-        entry.setValue('cn', ('%s_id_range' % self.realm_name))
-        entry.setValue('ipaBaseID', str(base_id))
-        entry.setValue('ipaIDRangeSize', str(id_range_size))
-        self.admin_conn.addEntry(entry)
+            id_filter = "(&" \
+                          "(|(objectclass=posixAccount)" \
+                            "(objectclass=posixGroup)" \
+                            "(objectclass=ipaIDObject))" \
+                          "(|(uidNumber<=%d)(uidNumber>=%d)" \
+                            "(gidNumber<=%d)(gidNumner>=%d)))" % \
+                         ((base_id - 1), (base_id + id_range_size),
+                          (base_id - 1), (base_id + id_range_size))
+            if self.admin_conn.search_s(str(DN(api.env.container_accounts,
+                                               self.suffix)),
+                                        ldap.SCOPE_SUBTREE, id_filter):
+                raise ValueError("There are objects with IDs out of the " \
+                                 "expected range.\nAdd local ID range " \
+                                 "manually and try again!")
 
     def create_instance(self):
 
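Review bot: The filter string built in `check_local_id_range` still ends with `(gidNumner>=%d)`, a misspelling carried over from the removed code, so the upper-bound test on group IDs names an attribute that is presumably not in the schema and can never match. Groups whose GID lies above the range would then pass this consistency check unnoticed, which weakens the one safeguard left now that the range is no longer created here. The line should read `"(gidNumber<=%d)(gidNumber>=%d)))" % \`. Separately, `int(entries[0].getValue('ipabaseid'))` and the matching `ipaidrangesize` conversion would presumably raise a TypeError instead of the ValueError used elsewhere if either attribute is missing and `getValue` returns None (its behaviour is not visible here). An explicit check that raises ValueError with a message in the style of the other checks would keep the failure mode uniform.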
-- 
1.7.10.2
