Hi, since the default range for the local domain is now created during updates it is not necessary anymore to have duplicated code in adtrustinstance.py. Instead of trying to create a new range the code now only makes some sanity checks.
bye, Sumit
From 27616076953028a6ad11977c68e86344d7bca665 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 2 Jul 2012 18:19:38 +0200 Subject: [PATCH] Only check local ID range during ipa-adtrust-install Since the local ID range it now added during the update process it does not have to be created during ipa-adtrust-install. To be on the safe side we keep some checks for consistency. --- install/tools/ipa-adtrust-install | 2 +- ipaserver/install/adtrustinstance.py | 74 +++++++++++++++++----------------- 2 Dateien geändert, 39 Zeilen hinzugefügt(+), 37 Zeilen entfernt(-) diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 6678018e6346d75d5042894cfb833d38079d3f21..d34f0ebde54ed3bbcfed73a65e99bae832f2b0bc 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -215,7 +215,7 @@ def main(): smb.setup(api.env.host, ip_address, api.env.realm, api.env.domain, netbios_name, options.rid_base, options.secondary_rid_base, options.no_msdcs) - smb.find_local_id_range() + smb.check_local_id_range() smb.create_instance() print """ diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 20feec4df309b5793aa1c29fdf18bc5bfe180943..889e5e2e295eacde962ec95d1ec4ee9557d19265 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py 
@@ -487,49 +487,51 @@ class ADTRUSTInstance(service.Service): self.__setup_sub_dict() - def find_local_id_range(self): + def check_local_id_range(self): + """ + Look for a ID range of the local domain and check if all used IDs are + coming from this range. If more than one range is found we assume that + the configuration is valid, because there are already manually added + ranges. Additionally we assume the range is valid if the RID + attributes are set. + """ self.ldap_connect() - if self.admin_conn.search_s(str(DN(api.env.container_ranges, - self.suffix)), - ldap.SCOPE_ONELEVEL, - "objectclass=ipaDomainIDRange"): - return - try: - entry = self.admin_conn.getEntry(str(DN(('cn', 'admins'), - api.env.container_group, - self.suffix)), - ldap.SCOPE_BASE) - except errors.NotFound: - raise ValueError("No local ID range and no admins group found.\n" \ + entries = self.admin_conn.search_s(str(DN(api.env.container_ranges, + self.suffix)), + ldap.SCOPE_ONELEVEL, + "objectclass=ipadomainidrange") + except ldap.NO_SUCH_OBJECT: + raise ValueError("Ranges container does not exists.\n" \ + "Please upgrade to IPAv3 or later and try again!") + + if not entries: + raise ValueError("No local ID range found.\n" \ "Add local ID range manually and try again!") - base_id = int(entry.getValue('gidNumber')) - id_range_size = 200000 + if len(entries) == 1: + if (entries[0].getValue('ipaBaseRID') or + entries[0].getValue('ipaSecondaryBaseRID')): + return - id_filter = "(&" \ - "(|(objectclass=posixAccount)" \ - "(objectclass=posixGroup)" \ - "(objectclass=ipaIDObject))" \ - "(|(uidNumber<=%d)(uidNumber>=%d)" \ - "(gidNumber<=%d)(gidNumner>=%d)))" % \ - ((base_id - 1), (base_id + id_range_size), - (base_id - 1), (base_id + id_range_size)) - if self.admin_conn.search_s("cn=accounts," + self.suffix, - ldap.SCOPE_SUBTREE, id_filter): - raise ValueError("There are objects with IDs out of the expected" \ - "range.\nAdd local ID range manually and try " \ - "again!") + base_id = 
int(entries[0].getValue('ipabaseid')) + id_range_size = int(entries[0].getValue('ipaidrangesize')) - entry = ipaldap.Entry(str(DN(('cn', ('%s_id_range' % self.realm_name)), - api.env.container_ranges, - self.suffix))) - entry.setValue('objectclass', 'ipaDomainIDRange') - entry.setValue('cn', ('%s_id_range' % self.realm_name)) - entry.setValue('ipaBaseID', str(base_id)) - entry.setValue('ipaIDRangeSize', str(id_range_size)) - self.admin_conn.addEntry(entry) + id_filter = "(&" \ + "(|(objectclass=posixAccount)" \ + "(objectclass=posixGroup)" \ + "(objectclass=ipaIDObject))" \ + "(|(uidNumber<=%d)(uidNumber>=%d)" \ + "(gidNumber<=%d)(gidNumner>=%d)))" % \ + ((base_id - 1), (base_id + id_range_size), + (base_id - 1), (base_id + id_range_size)) + if self.admin_conn.search_s(str(DN(api.env.container_accounts, + self.suffix)), + ldap.SCOPE_SUBTREE, id_filter): + raise ValueError("There are objects with IDs out of the " \ + "expected range.\nAdd local ID range " \ + "manually and try again!") def create_instance(self): -- 1.7.10.2
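Review bot: The ID filter in check_local_id_range still spells its last attribute `gidNumner`, so the upper-bound clause for group IDs names an attribute that does not exist and can never match; a group whose gidNumber lies above base_id + id_range_size passes this check unnoticed. Because the commit reduces the function to exactly this consistency check, the clause should read `"(gidNumber<=%d)(gidNumber>=%d)))" % \`. Separately, `int(entries[0].getValue('ipabaseid'))` and the matching `ipaidrangesize` line would presumably raise TypeError rather than the ValueError used elsewhere if the range entry lacks either attribute (assuming getValue returns None for a missing attribute), so a guard such as `if base is None or size is None: raise ValueError(...)` before the conversion would keep the installer's error reporting uniform. The new message "Ranges container does not exists." should read "does not exist".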