Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 27.8.2015 16:02, Simo Sorce wrote:
> On Thu, 2015-08-27 at 16:02 +0200, Jan Cholasta wrote:
>> On 27.8.2015 14:34, Simo Sorce wrote:
>>> On Thu, 2015-08-27 at 11:05 +0200, Jan Cholasta wrote:
>>>> On 27.8.2015 07:56, Jan Cholasta wrote:
>>>>> On 25.8.2015 20:43, Simo Sorce wrote:
>>>>>> On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote:
>>>>>>> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> On 31.7.2015 at 12:46, Simo Sorce wrote:
>>>>>>>>> I've been carrying these patches in my tree for a while, I think it is
>>>>>>>>> time to put them in master as they stand on their own.
>>>>>>>>>
>>>>>>>>> Simo.
>>>>>>>>
>>>>>>>> Patch 530: ACK
>>>>>>>>
>>>>>>>> Patch 531: ACK
>>>>>>>>
>>>>>>>> Patch 532:
>>>>>>>>
>>>>>>>> The methods should be static methods:
>>>>>>>>
>>>>>>>>     @staticmethod
>>>>>>>>     def setOption(name, value):
>>>>>>>>         ...
>>>>>>>
>>>>>>> Care to explain why ?
>>>>>>> @staticmethod is not used anywhere else in that file.
>>>>>>
>>>>>> Rebased patches on master, made requested change +1 more patch.
>>>>>>
>>>>>> Simo.
>>>>>
>>>>> Patch 532: ACK
>>>>>
>>>>> Patch 533: ACK
>>>>>
>>>>> Pushed to master: f57b687241fbc92d1138507210e87e9de465c507
>>>>>
>>>>> Honza
>>>>
>>>> Actually, there is a problem with patch 531: SASL mapping are added only
>>>> on replica.
>>>>
>>>> The attached patch fixes it.
>>>
>>> This will break the promotion code, which needs to add the real sasl
>>> mappings later in the process.
>>>
>>> Can you leave the step in the non-common part of the setup for both
>>> server and replica installs ?
>>
>> OK, here you go.
>
> LGTM
> Simo.

Pushed to master: 0914cb663e6ea72628776e79d93f20bf979c7b68

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On Thu, 2015-08-27 at 16:02 +0200, Jan Cholasta wrote:
> On 27.8.2015 14:34, Simo Sorce wrote:
> > On Thu, 2015-08-27 at 11:05 +0200, Jan Cholasta wrote:
> >> On 27.8.2015 07:56, Jan Cholasta wrote:
> >>> On 25.8.2015 20:43, Simo Sorce wrote:
> >>>> On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote:
> >>>>> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> On 31.7.2015 at 12:46, Simo Sorce wrote:
> >>>>>>> I've been carrying these patches in my tree for a while, I think it is
> >>>>>>> time to put them in master as they stand on their own.
> >>>>>>>
> >>>>>>> Simo.
> >>>>>>
> >>>>>> Patch 530: ACK
> >>>>>>
> >>>>>> Patch 531: ACK
> >>>>>>
> >>>>>> Patch 532:
> >>>>>>
> >>>>>> The methods should be static methods:
> >>>>>>
> >>>>>>     @staticmethod
> >>>>>>     def setOption(name, value):
> >>>>>>         ...
> >>>>>
> >>>>> Care to explain why ?
> >>>>> @staticmethod is not used anywhere else in that file.
> >>>>
> >>>> Rebased patches on master, made requested change +1 more patch.
> >>>>
> >>>> Simo.
> >>>>
> >>>
> >>> Patch 532: ACK
> >>>
> >>> Patch 533: ACK
> >>>
> >>> Pushed to master: f57b687241fbc92d1138507210e87e9de465c507
> >>>
> >>> Honza
> >>>
> >>
> >> Actually, there is a problem with patch 531: SASL mapping are added only
> >> on replica.
> >>
> >> The attached patch fixes it.
> >>
> >
> > This will break the promotion code, which needs to add the real sasl
> > mappings later in the process.
> >
> > Can you leave the step in the non-common part of the setup for both
> > server and replica installs ?
>
> OK, here you go.
>

LGTM
Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 27.8.2015 14:34, Simo Sorce wrote: On Thu, 2015-08-27 at 11:05 +0200, Jan Cholasta wrote: On 27.8.2015 07:56, Jan Cholasta wrote: On 25.8.2015 20:43, Simo Sorce wrote: On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote: On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote: Hi, Dne 31.7.2015 v 12:46 Simo Sorce napsal(a): I've been carrying these patches in my tree for a while, I think it is time to put them in master as they stand on their own. Simo. Patch 530: ACK Patch 531: ACK Patch 532: The methods should be static methods: @staticmethod def setOption(name, value): ... Care to explain why ? @staticmethod is not used anywhere else in that file. Rebased patches on master, made requested change +1 more patch. Simo. Patch 532: ACK Patch 533: ACK Pushed to master: f57b687241fbc92d1138507210e87e9de465c507 Honza Actually, there is a problem with patch 531: SASL mapping are added only on replica. The attached patch fixes it. This will break the promotion code, which needs to add the real sasl mappings later in the process. Can you leave the step in the non-common part of the setup for both server and replica installs ? OK, here you go. -- Jan Cholasta From c6a0b0e8b97605b24efb3d6a7272df604b3df3f8 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 27 Aug 2015 10:52:57 +0200 Subject: [PATCH] install: Fix SASL mappings not added in ipa-server-install --- ipaserver/install/dsinstance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 8320569..819b6cc 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py 
@@ -300,6 +300,7 @@ class DsInstance(service.Service): self.__common_setup() +self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("adding default layout", self.__add_default_layout) self.step("adding delegation layout", self.__add_delegation_layout) self.step("creating container for managed entries", self.__managed_entries) -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
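Review bot: The step added after self.__common_setup() has no comment, and the commit message has no body, explaining why "adding sasl mappings to the directory" is registered in the server install path instead of in the common setup. The reason given in the thread (the promotion code needs to add the real SASL mappings later in the process) is recorded nowhere in the change, so a later cleanup could fold the step back into the common part. A one-line comment above the new self.step(...) call, or a sentence in the commit message, would keep that constraint visible.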
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On Thu, 2015-08-27 at 11:05 +0200, Jan Cholasta wrote:
> On 27.8.2015 07:56, Jan Cholasta wrote:
> > On 25.8.2015 20:43, Simo Sorce wrote:
> >> On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote:
> >>> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
> >>>> Hi,
> >>>>
> >>>> On 31.7.2015 at 12:46, Simo Sorce wrote:
> >>>>> I've been carrying these patches in my tree for a while, I think it is
> >>>>> time to put them in master as they stand on their own.
> >>>>>
> >>>>> Simo.
> >>>>
> >>>> Patch 530: ACK
> >>>>
> >>>> Patch 531: ACK
> >>>>
> >>>> Patch 532:
> >>>>
> >>>> The methods should be static methods:
> >>>>
> >>>>     @staticmethod
> >>>>     def setOption(name, value):
> >>>>         ...
> >>>
> >>> Care to explain why ?
> >>> @staticmethod is not used anywhere else in that file.
> >>
> >> Rebased patches on master, made requested change +1 more patch.
> >>
> >> Simo.
> >>
> >
> > Patch 532: ACK
> >
> > Patch 533: ACK
> >
> > Pushed to master: f57b687241fbc92d1138507210e87e9de465c507
> >
> > Honza
> >
>
> Actually, there is a problem with patch 531: SASL mapping are added only
> on replica.
>
> The attached patch fixes it.
>

This will break the promotion code, which needs to add the real sasl
mappings later in the process.

Can you leave the step in the non-common part of the setup for both
server and replica installs ?

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 27/08/15 11:05, Jan Cholasta wrote:
> On 27.8.2015 07:56, Jan Cholasta wrote:
>> On 25.8.2015 20:43, Simo Sorce wrote:
>>> On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote:
>>>> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 31.7.2015 at 12:46, Simo Sorce wrote:
>>>>>> I've been carrying these patches in my tree for a while, I think it is
>>>>>> time to put them in master as they stand on their own.
>>>>>>
>>>>>> Simo.
>>>>>
>>>>> Patch 530: ACK
>>>>>
>>>>> Patch 531: ACK
>>>>>
>>>>> Patch 532:
>>>>>
>>>>> The methods should be static methods:
>>>>>
>>>>>     @staticmethod
>>>>>     def setOption(name, value):
>>>>>         ...
>>>>
>>>> Care to explain why ?
>>>> @staticmethod is not used anywhere else in that file.
>>>
>>> Rebased patches on master, made requested change +1 more patch.
>>>
>>> Simo.
>>
>> Patch 532: ACK
>>
>> Patch 533: ACK
>>
>> Pushed to master: f57b687241fbc92d1138507210e87e9de465c507
>>
>> Honza
>
> Actually, there is a problem with patch 531: SASL mapping are added only
> on replica.
>
> The attached patch fixes it.

Works for me, ACK.

--
David Kupka
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 27.8.2015 07:56, Jan Cholasta wrote: On 25.8.2015 20:43, Simo Sorce wrote: On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote: On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote: Hi, Dne 31.7.2015 v 12:46 Simo Sorce napsal(a): I've been carrying these patches in my tree for a while, I think it is time to put them in master as they stand on their own. Simo. Patch 530: ACK Patch 531: ACK Patch 532: The methods should be static methods: @staticmethod def setOption(name, value): ... Care to explain why ? @staticmethod is not used anywhere else in that file. Rebased patches on master, made requested change +1 more patch. Simo. Patch 532: ACK Patch 533: ACK Pushed to master: f57b687241fbc92d1138507210e87e9de465c507 Honza Actually, there is a problem with patch 531: SASL mapping are added only on replica. The attached patch fixes it. -- Jan Cholasta From 75d16dfc519c457eead2126bf53087dc971674c6 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 27 Aug 2015 10:52:57 +0200 Subject: [PATCH] install: Fix SASL mappings not added in ipa-server-install --- ipaserver/install/dsinstance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 8320569..dd67915 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -253,6 +253,7 @@ class DsInstance(service.Service): self.step("configure autobind for root", self.__root_autobind) self.step("configure new location for managed entries", self.__repoint_managed_entries) self.step("configure dirsrv ccache", self.configure_dirsrv_ccache) +self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("enable SASL mapping fallback", self.__enable_sasl_mapping_fallback) self.step("restarting directory server", self.__restart_instance) 
@@ -354,7 +355,6 @@ class DsInstance(service.Service): self.__common_setup(True) self.step("setting up initial replication", self.__setup_replica) -self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("updating schema", self.__update_schema) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
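Review bot: Moving the step changes when it runs on a replica, and the commit message (which only mentions ipa-server-install) does not say whether that is intended. The second hunk shows the step used to run after "setting up initial replication", which itself follows self.__common_setup(True); the first hunk now places it between "configure dirsrv ccache" and "enable SASL mapping fallback". If that first list is what __common_setup runs, replicas would add the mappings before initial replication instead of after it. Either state that this reordering is safe, or add the step to the server path only and leave the replica registration where it is.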
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 25.8.2015 20:43, Simo Sorce wrote:
> On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote:
>> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 31.7.2015 at 12:46, Simo Sorce wrote:
>>>> I've been carrying these patches in my tree for a while, I think it is
>>>> time to put them in master as they stand on their own.
>>>>
>>>> Simo.
>>>
>>> Patch 530: ACK
>>>
>>> Patch 531: ACK
>>>
>>> Patch 532:
>>>
>>> The methods should be static methods:
>>>
>>>     @staticmethod
>>>     def setOption(name, value):
>>>         ...
>>
>> Care to explain why ?
>> @staticmethod is not used anywhere else in that file.
>
> Rebased patches on master, made requested change +1 more patch.
>
> Simo.

Patch 532: ACK

Patch 533: ACK

Pushed to master: f57b687241fbc92d1138507210e87e9de465c507

Honza

--
Jan Cholasta
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On Wed, 2015-08-05 at 11:24 -0400, Simo Sorce wrote: > On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote: > > Hi, > > > > Dne 31.7.2015 v 12:46 Simo Sorce napsal(a): > > > I've been carrying these patches in my tree for a while, I think it is > > > time to put them in master as they stand on their own. > > > > > > Simo. > > > > Patch 530: ACK > > > > Patch 531: ACK > > > > Patch 532: > > > > The methods should be static methods: > > > > @staticmethod > > def setOption(name, value): > > ... > > Care to explain why ? > @staticmethod is not used anywhere else in that file. Rebased patches on master, made requested change +1 more patch. Simo. -- Simo Sorce * Red Hat, Inc * New York >From a124cd5a1361b7d90d918128cffddedc4a75c40c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 1 Jul 2015 09:40:09 -0400 Subject: [PATCH 1/6] Remove custom utility function from krbinstance Remove the custom update_key_val_in_file() and instead use the common function config_replace_variables() available from ipautil. Signed-off-by: Simo Sorce --- ipaserver/install/krbinstance.py | 24 +++- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 87491482683e01a10cf30eae28fbe89ae5b027c0..9f5ddcd2cc5c3a86da88cef1da37a10ae1096dc2 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py 
@@ -49,26 +49,6 @@ from distutils import version from ipaplatform.tasks import tasks from ipaplatform.paths import paths -def update_key_val_in_file(filename, key, val): -if os.path.exists(filename): -pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val)) -p = re.compile(pattern) -for line in fileinput.input(filename): -if p.search(line): -fileinput.close() -return -fileinput.close() - -pattern = "^[\s#]*%s\s*=" % re.escape(key) -p = re.compile(pattern) -for line in fileinput.input(filename, inplace=1): -if not p.search(line): -sys.stdout.write(line) -fileinput.close() -f = open(filename, "a") -f.write("%s=%s\n" % (key, val)) -f.close() - class KpasswdInstance(service.SimpleServiceInstance): def __init__(self): service.SimpleServiceInstance.__init__(self, "kadmin") @@ -386,7 +366,9 @@ class KrbInstance(service.Service): self.fstore.backup_file(paths.DS_KEYTAB) installutils.create_keytab(paths.DS_KEYTAB, ldap_principal) -update_key_val_in_file(paths.SYSCONFIG_DIRSRV, "KRB5_KTNAME", paths.DS_KEYTAB) +vardict = {"KRB5_KTNAME": paths.DS_KEYTAB} +ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV, + replacevars=vardict) pent = pwd.getpwnam(dsinstance.DS_USER) os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid) -- 2.4.3 >From f3dcea7fc6cfece067400f3fff7bdddf8060c4ba Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 5 Jul 2015 07:18:25 -0400 Subject: [PATCH 2/6] Move sasl mappings creation to dsinstance Sasl mappings can be created directly by the DS Instance, there is no reason to create them in the krbinstance as they do not depend on the kdc to be configured just to be created. Signed-off-by: Simo Sorce --- ipaserver/install/dsinstance.py | 51 ipaserver/install/krbinstance.py | 48 - 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 6089dd85a0d5f53a3a9afda1b25ec4a621366894..075c70f12a232f10f599e2cbd5424da0113cc0ae 100644 --- a/ipaserver/install/dsinstance.py 
+++ b/ipaserver/install/dsinstance.py @@ -354,6 +354,7 @@ class DsInstance(service.Service): self.__common_setup(True) self.step("setting up initial replication", self.__setup_replica) +self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("updating schema", self.__update_schema) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) @@ -378,6 +379,56 @@ class DsInstance(service.Service): r_bindpw=self.dm_password) self.run_init_memberof = repl.needs_memberof_fixup() + +def __configure_sasl_mappings(self): +# we need to remove any existing SASL mappings in the directory as otherwise they +# they may conflict. + +if not self.admin_conn: +self.ldap_connect() + +try: +res = self.admin_conn.get_entries( +DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')), +self.admin_conn.SCOPE_ONELEVEL, +"(objectclass=nsSaslMapping)") +for r in res
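Review bot: In patch 1/6, the KrbInstance call site now relies on ipautil.config_replace_variables() giving the same result as the removed update_key_val_in_file() for KRB5_KTNAME, and the commit message does not say that it does. The removed helper dropped every line matching ^[\s#]*KRB5_KTNAME\s*= (commented-out ones included) and appended KRB5_KTNAME=<value> unless a line with that key and value was already present; please confirm the replacement also writes the variable when paths.SYSCONFIG_DIRSRV does not contain it yet, and say so in the message. The diffstat (3 insertions, 21 deletions) accounts only for the helper and its call, so also check whether the fileinput, re and sys imports in krbinstance.py are still used.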
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On Thu, 2015-08-06 at 07:21 +0200, Jan Cholasta wrote:
> On 5.8.2015 at 17:24, Simo Sorce wrote:
> > On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
> >> Hi,
> >>
> >> On 31.7.2015 at 12:46, Simo Sorce wrote:
> >>> I've been carrying these patches in my tree for a while, I think it is
> >>> time to put them in master as they stand on their own.
> >>>
> >>> Simo.
> >>
> >> Patch 530: ACK
> >>
> >> Patch 531: ACK
> >>
> >> Patch 532:
> >>
> >> The methods should be static methods:
> >>
> >>     @staticmethod
> >>     def setOption(name, value):
> >>         ...
> >
> > Care to explain why ?
> > @staticmethod is not used anywhere else in that file.
>
> Because the methods do not use any instance or class state. They will of
> course work fine even if they are normal methods, but making them static
> methods is cleaner.
>

Ok, I embedded the change in my tree.
I am working on some fixes to the replica promotion patchset with
Ludwig, so I will respin all of the patches at once later on.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On 5.8.2015 at 17:24, Simo Sorce wrote:
> On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
>> Hi,
>>
>> On 31.7.2015 at 12:46, Simo Sorce wrote:
>>> I've been carrying these patches in my tree for a while, I think it is
>>> time to put them in master as they stand on their own.
>>>
>>> Simo.
>>
>> Patch 530: ACK
>>
>> Patch 531: ACK
>>
>> Patch 532:
>>
>> The methods should be static methods:
>>
>>     @staticmethod
>>     def setOption(name, value):
>>         ...
>
> Care to explain why ?
> @staticmethod is not used anywhere else in that file.

Because the methods do not use any instance or class state. They will of
course work fine even if they are normal methods, but making them static
methods is cleaner.

--
Jan Cholasta
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
On Wed, 2015-08-05 at 08:20 +0200, Jan Cholasta wrote:
> Hi,
>
> On 31.7.2015 at 12:46, Simo Sorce wrote:
> > I've been carrying these patches in my tree for a while, I think it is
> > time to put them in master as they stand on their own.
> >
> > Simo.
>
> Patch 530: ACK
>
> Patch 531: ACK
>
> Patch 532:
>
> The methods should be static methods:
>
>     @staticmethod
>     def setOption(name, value):
>         ...

Care to explain why ?
@staticmethod is not used anywhere else in that file.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
Re: [Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
Hi,

On 31.7.2015 at 12:46, Simo Sorce wrote:
> I've been carrying these patches in my tree for a while, I think it is
> time to put them in master as they stand on their own.
>
> Simo.

Patch 530: ACK

Patch 531: ACK

Patch 532:

The methods should be static methods:

    @staticmethod
    def setOption(name, value):
        ...

Honza

--
Jan Cholasta
[Freeipa-devel] [PATCHES] changes in preparation of replica promotion work
I've been carrying these patches in my tree for a while, I think it is time to put them in master as they stand on their own. Simo. -- Simo Sorce * Red Hat, Inc * New York >From 9f24666266a0d19547f6e1bda3b177d8c52431d6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 1 Jul 2015 09:40:09 -0400 Subject: [PATCH] Remove custom utility function from krbinstance Remove the custom update_key_val_in_file() and instead use the common function config_replace_variables() available from ipautil. --- ipaserver/install/krbinstance.py | 24 +++- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 648fc76018f8342e787e74863e62dd85164af247..a0581565df6312a446cf0ba0c3a5a640f97e234d 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -49,26 +49,6 @@ from distutils import version from ipaplatform.tasks import tasks from ipaplatform.paths import paths -def update_key_val_in_file(filename, key, val): -if os.path.exists(filename): -pattern = "^[\s#]*%s\s*=\s*%s\s*" % (re.escape(key), re.escape(val)) -p = re.compile(pattern) -for line in fileinput.input(filename): -if p.search(line): -fileinput.close() -return -fileinput.close() - -pattern = "^[\s#]*%s\s*=" % re.escape(key) -p = re.compile(pattern) -for line in fileinput.input(filename, inplace=1): -if not p.search(line): -sys.stdout.write(line) -fileinput.close() -f = open(filename, "a") -f.write("%s=%s\n" % (key, val)) -f.close() - class KpasswdInstance(service.SimpleServiceInstance): def __init__(self): service.SimpleServiceInstance.__init__(self, "kadmin") 
@@ -386,7 +366,9 @@ class KrbInstance(service.Service): self.fstore.backup_file(paths.DS_KEYTAB) installutils.create_keytab(paths.DS_KEYTAB, ldap_principal) -update_key_val_in_file(paths.SYSCONFIG_DIRSRV, "KRB5_KTNAME", paths.DS_KEYTAB) +vardict = {"KRB5_KTNAME": paths.DS_KEYTAB} +ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV, + replacevars=vardict) pent = pwd.getpwnam(dsinstance.DS_USER) os.chown(paths.DS_KEYTAB, pent.pw_uid, pent.pw_gid) -- 2.4.2 >From 1ae59d9d8a8ebf88135c58ba535516385dcda7b4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 5 Jul 2015 07:18:25 -0400 Subject: [PATCH] Move sasl mappings creation to dsinstance Sasl mappings can be created directly by the DS Instance, there is no reason to create them in the krbinstance as they do not depend on the kdc to be configured just to be created. Signed-off-by: Simo Sorce --- ipaserver/install/dsinstance.py | 51 ipaserver/install/krbinstance.py | 48 - 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index d561ca5b6d0d586cb1c27ec1c495413dad102e69..93ad60e36ab76c2e57829c5c4aa13c5c2766074f 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -353,6 +353,7 @@ class DsInstance(service.Service): self.__common_setup(True) self.step("setting up initial replication", self.__setup_replica) +self.step("adding sasl mappings to the directory", self.__configure_sasl_mappings) self.step("updating schema", self.__update_schema) # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) 
@@ -377,6 +378,56 @@ class DsInstance(service.Service): r_bindpw=self.dm_password) self.run_init_memberof = repl.needs_memberof_fixup() + +def __configure_sasl_mappings(self): +# we need to remove any existing SASL mappings in the directory as otherwise they +# they may conflict. + +if not self.admin_conn: +self.ldap_connect() + +try: +res = self.admin_conn.get_entries( +DN(('cn', 'mapping'), ('cn', 'sasl'), ('cn', 'config')), +self.admin_conn.SCOPE_ONELEVEL, +"(objectclass=nsSaslMapping)") +for r in res: +try: +self.admin_conn.delete_entry(r) +except Exception, e: +root_logger.critical( +"Error during SASL mapping removal: %s", e) +raise +except Exception, e: +root_logger.critical("Error while enumerating SASL mappings %s", e) +raise + +entry = self.admin_conn.make_entry( +DN( +('cn', 'Full Principal'), ('cn', 'mapping'), ('cn', 'sasl'), +('cn', 'config')), +obj
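Review bot: In __configure_sasl_mappings, a failed delete_entry() is logged twice, the second time with the wrong message. The except inside the for loop logs "Error during SASL mapping removal" and re-raises; because the loop sits inside the outer try, the outer except then catches the same exception and logs it again as "Error while enumerating SASL mappings". Limiting the outer try to the get_entries() call and running the delete loop after it gives one accurate log line per failure. The comment at the top of the method also repeats a word ("they" ends one line and starts the next).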