https://fedorahosted.org/freeipa/ticket/5507

Patch attached.

Is proposed workaround in ticket enough or should I also prepare a update that will fix missing maps?
From 39e1124314a66578022f7d7810fd6252af96fd80 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 6 Jan 2016 19:47:22 +0100
Subject: [PATCH] Upgrade: Fix upgrade of NIS Server configuration

Former upgrade file always created the NIS Server container, that caused
the ipa-nis-manage did not set all required NIS maps. Default creation
of container has been removed.

Updating of NIS Server configuration and
NIS maps is done only if the NIS Server container exists.

https://fedorahosted.org/freeipa/ticket/5507
---
 install/share/Makefile.am                          |  1 +
 .../50-nis.update => share/nis-update.uldif}       | 19 +------
 install/updates/50-nis.update                      | 58 ++--------------------
 ipaplatform/base/paths.py                          |  1 +
 ipaserver/install/plugins/update_nis.py            | 36 ++++++++++++++
 5 files changed, 42 insertions(+), 73 deletions(-)
 copy install/{updates/50-nis.update => share/nis-update.uldif} (91%)
 create mode 100644 ipaserver/install/plugins/update_nis.py

diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 42f3972e1061fda5bfd23b2fa8f63d675f92f5ba..b4cb8312471a68d8cd855f542478afe10d200c39 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -61,6 +61,7 @@ app_DATA =				\
 	memberof-task.ldif		\
 	memberof-conf.ldif		\
 	nis.uldif			\
+	nis-update.uldif			\
 	opendnssec_conf.template	\
 	opendnssec_kasp.template	\
 	unique-attributes.ldif		\
diff --git a/install/updates/50-nis.update b/install/share/nis-update.uldif
similarity index 91%
copy from install/updates/50-nis.update
copy to install/share/nis-update.uldif
index 149889ec7bdb38073eb6df88628792526cfe58e6..e602c1de061fbcece349b2d86970c4db5051473b 100644
--- a/install/updates/50-nis.update
+++ b/install/share/nis-update.uldif
@@ -1,20 +1,4 @@
-# NIS Server plugin must be disabled by default
-# command 'ipa-nis-manage enable' enables NIS server
-dn: cn=NIS Server,cn=plugins,cn=config
-default:objectclass: top
-default:objectclass: nsSlapdPlugin
-default:objectclass: extensibleObject
-default:cn: NIS Server
-default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
-default:nsslapd-plugininitfunc: nis_plugin_init
-default:nsslapd-plugintype: object
-default:nsslapd-pluginbetxn: on
-default:nsslapd-pluginenabled: off
-default:nsslapd-pluginid: nis-server
-default:nsslapd-pluginversion: 0.10
-default:nsslapd-pluginvendor: redhat.com
-default:nsslapd-plugindescription: NIS Server Plugin
-default:nis-tcp-wrappers-name: nis-server
+# Updates for NIS
 
 # Correct syntax error that caused users to not appear
 dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
@@ -52,4 +36,3 @@ default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
 default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
 default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
 default:nis-secure: no
-
diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update
index 149889ec7bdb38073eb6df88628792526cfe58e6..05a166f003aefc50fc25f10f01f7364d752425bc 100644
--- a/install/updates/50-nis.update
+++ b/install/updates/50-nis.update
@@ -1,55 +1,3 @@
-# NIS Server plugin must be disabled by default
-# command 'ipa-nis-manage enable' enables NIS server
-dn: cn=NIS Server,cn=plugins,cn=config
-default:objectclass: top
-default:objectclass: nsSlapdPlugin
-default:objectclass: extensibleObject
-default:cn: NIS Server
-default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
-default:nsslapd-plugininitfunc: nis_plugin_init
-default:nsslapd-plugintype: object
-default:nsslapd-pluginbetxn: on
-default:nsslapd-pluginenabled: off
-default:nsslapd-pluginid: nis-server
-default:nsslapd-pluginversion: 0.10
-default:nsslapd-pluginvendor: redhat.com
-default:nsslapd-plugindescription: NIS Server Plugin
-default:nis-tcp-wrappers-name: nis-server
-
-# Correct syntax error that caused users to not appear
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
-
-# Correct syntax error that caused nested netgroups to not work
-# https://bugzilla.redhat.com/show_bug.cgi?id=788625
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
-
-# Make the padding an expression so usercat and hostcat always gets
-# evaluated when displaying entries.
-# https://bugzilla.redhat.com/show_bug.cgi?id=767372
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byaddr
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byname
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
-
+# Updates are applied only if NIS plugin has been configured
+# update definitions are located in install/share/nis-update.uldif
+plugin: update_nis_configuration
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5513d77c831f8f93ba5878fd7b1d0f22a3640651..ee383711a711e7467d7b09dae4278d9dc1c41f63 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -232,6 +232,7 @@ class BasePathNamespace(object):
     HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
     HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
     NIS_ULDIF = "/usr/share/ipa/nis.uldif"
+    NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
     IPA_PLUGINS = "/usr/share/ipa/plugins"
     SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
     IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
diff --git a/ipaserver/install/plugins/update_nis.py b/ipaserver/install/plugins/update_nis.py
new file mode 100644
index 0000000000000000000000000000000000000000..067ee12f3ea9567fb5c2f7a39f45e812be8c9100
--- /dev/null
+++ b/ipaserver/install/plugins/update_nis.py
@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2015  FreeIPA Contributors see COPYING for license
+#
+
+from ipalib.plugable import Registry
+from ipalib import errors
+from ipalib import Updater
+from ipaplatform.paths import paths
+from ipapython.dn import DN
+from ipaserver.install.ldapupdate import LDAPUpdate
+
+register = Registry()
+
+
+@register()
+class update_nis_configuration(Updater):
+    """Update NIS configuration
+
+    NIS configuration can be updated only if NIS Server was configured via
+    ipa-nis-manage command.
+    """
+
+    def execute(self, **options):
+        ldap = self.api.Backend.ldap2
+        dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+        try:
+            ldap.get_entry(dn, attrs_list=['cn'])
+        except errors.NotFound:
+            # NIS is not configured on system, do not execute update
+            self.log.debug("Skipping NIS update, NIS Server is not configured")
+        else:
+            self.log.debug("Executing NIS Server update")
+            ld = LDAPUpdate(sub_dict={}, ldapi=True)
+            ld.update([paths.NIS_UPDATE_ULDIF])
+
+        return False, ()
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to