URL: https://github.com/freeipa/freeipa/pull/1010 Author: pvomacka Title: #1010: Adds whoami DS plugin in case that plugin is missing Action: opened
PR body: """ When first installation of IPA has been done when whoami plugin was not enabled in DS by default and then IPA was upgraded to newer versions, then after upgrade to IPA 4.5 WebUI stops working. This is caused by new requirement on whoami DS plugin which is used to obtain information about logged in entity. This fix adds check whether the plugin is enabled and if not then IPA enables the plugin during upgrade. https://pagure.io/freeipa/issue/7126 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1010/head:pr1010 git checkout pr1010
From 516d3c651ec847465212fed50fe0c81680996b9e Mon Sep 17 00:00:00 2001 From: Pavel Vomacka <pvoma...@redhat.com> Date: Mon, 28 Aug 2017 10:51:53 +0200 Subject: [PATCH] Adds whoami DS plugin in case that plugin is missing When first installation of IPA has been done when whoami plugin was not enabled in DS by default and then IPA was upgraded to newer versions, then after upgrade to IPA 4.5 WebUI stops working. This is caused by new requirement on whoami DS plugin which is used to obtain information about logged in entity. This fix adds check whether the plugin is enabled and if not then IPA enables the plugin during upgrade. https://pagure.io/freeipa/issue/7126 --- install/share/whoami-conf.ldif | 15 +++++++++++++++ ipaserver/install/dsinstance.py | 13 ++++++++++++- ipaserver/install/server/upgrade.py | 3 ++- 3 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 install/share/whoami-conf.ldif diff --git a/install/share/whoami-conf.ldif b/install/share/whoami-conf.ldif new file mode 100644 index 0000000000..b6eabaa5d5 --- /dev/null +++ b/install/share/whoami-conf.ldif @@ -0,0 +1,15 @@ +dn: cn=whoami,cn=plugins,cn=config +changetype: add +cn: whoami +nsslapd-plugin-depends-on-type: database +nsslapd-pluginDescription: whoami extended operation plugin +nsslapd-pluginEnabled: on +nsslapd-pluginId: whoami-plugin +nsslapd-pluginInitfunc: whoami_init +nsslapd-pluginPath: libwhoami-plugin +nsslapd-pluginType: extendedop +nsslapd-pluginVendor: 389 Project +nsslapd-pluginVersion: 1.0 +objectclass: top +objectclass: nsSlapdPlugin +objectclass: extensibleObject diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index d823635caf..e8a4bf2470 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -82,7 +82,6 @@ ALL_SCHEMA_FILES = IPA_SCHEMA_FILES + ("05rfc2247.ldif", ) DS_INSTANCE_PREFIX = 'slapd-' - def find_server_root(): if ipautil.dir_exists(paths.USR_LIB_DIRSRV_64): return paths.USR_LIB_DIRSRV_64 @@ -1174,6 +1173,18 @@ def add_extdom_plugin(self, suffix): else: logger.debug("extdom plugin is already configured") + def add_whoami_plugin(self): + """ + Add whoami plugin if it does not already exist. + """ + dn = DN('cn=whoami,cn=plugins,cn=config') + try: + api.Backend.ldap2.get_entry(dn) + except errors.NotFound: + self._ldap_mod('whoami-conf.ldif') + else: + logger.debug('whoami plugin is already configured') + def find_subject_base(self): """ Try to find the current value of certificate subject base. diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 5e1d74b79b..ac0e1502ae 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1201,7 +1201,6 @@ def uninstall_selfsign(ds, http): ds.stop_tracking_certificates() http.stop_tracking_certificates() - def uninstall_dogtag_9(ds, http): logger.info('[Removing Dogtag 9 CA]') @@ -1631,6 +1630,8 @@ def upgrade_configuration(): if not ds_running: ds.start(ds_serverid) + ds.add_whoami_plugin() + check_certs() auto_redirect = find_autoredirect(fqdn)
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org