def promote_openldap_conf(hostname, master): """ Reset the URI directive in openldap-client configuration file to point to newly promoted replica. If this directive was set by third party, then replace the added comment with the one pointing to replica :param hostname: replica FQDN :param master: FQDN of remote master """ ldap_conf = paths.OPENLDAP_LDAP_CONF ldap_change_conf = IPAChangeConf("IPA replica installer") ldap_change_conf.setOptionAssignment((" ", "\t")) new_opts = [] with open(ldap_conf, 'r') as f: old_opts = ldap_change_conf.parse(f) for opt in old_opts: if opt['type'] == 'comment' and master in opt['value']: continue elif (opt['type'] == 'option' and opt['name'] == 'URI' and master in opt['value']): continue new_opts.append(opt) change_opts = [{ 'action': 'addifnotset', 'name': 'URI', 'type': 'option', 'value': 'ldaps://' + hostname }] try: ldap_change_conf.newConf(ldap_conf, new_opts) ldap_change_conf.changeConf(ldap_conf, change_opts) except Exception as e: logger.info("Failed to update %s: %s", ldap_conf, e)
def enable_ldap_automount(self, statestore): """ Point automount to ldap in nsswitch.conf. This function is for non-SSSD setups only. """ conf = IPAChangeConf("IPA Installer") conf.setOptionAssignment(':') with open(paths.NSSWITCH_CONF, 'r') as f: current_opts = conf.parse(f) current_nss_value = conf.findOpts(current_opts, name='automount', type='option')[1] if current_nss_value is None: # no automount database present current_nss_value = False # None cannot be backed up else: current_nss_value = current_nss_value['value'] statestore.backup_state('ipa-client-automount-nsswitch', 'previous-automount', current_nss_value) nss_value = ' files ldap' opts = [ { 'name': 'automount', 'type': 'option', 'action': 'set', 'value': nss_value, }, { 'name': 'empty', 'type': 'empty' }, ] conf.changeConf(paths.NSSWITCH_CONF, opts) logger.info("Configured %s", paths.NSSWITCH_CONF)
def configure_nsswitch_database(self, fstore, database, services, preserve=True, append=True, default_value=()): """ Edits the specified nsswitch.conf database (e.g. passwd, group, sudoers) to use the specified service(s). Arguments: fstore - FileStore to backup the nsswitch.conf database - database configuration that should be ammended, e.g. 'sudoers' service - list of services that should be added, e.g. ['sss'] preserve - if True, the already configured services will be preserved The next arguments modify the behaviour if preserve=True: append - if True, the services will be appended, if False, prepended default_value - list of services that are considered as default (if the database is not mentioned in nsswitch.conf), e.g. ['files'] """ # Backup the original version of nsswitch.conf, we're going to edit it # now if not fstore.has_file(paths.NSSWITCH_CONF): fstore.backup_file(paths.NSSWITCH_CONF) conf = IPAChangeConf("IPA Installer") conf.setOptionAssignment(':') if preserve: # Read the existing configuration with open(paths.NSSWITCH_CONF, 'r') as f: opts = conf.parse(f) raw_database_entry = conf.findOpts(opts, 'option', database)[1] # Detect the list of already configured services if not raw_database_entry: # If there is no database entry, database is not present in # the nsswitch.conf. Set the list of services to the # default list, if passed. configured_services = list(default_value) else: configured_services = raw_database_entry['value'].strip( ).split() # Make sure no service is added if already mentioned in the list added_services = [ s for s in services if s not in configured_services ] # Prepend / append the list of new services if append: new_value = ' ' + ' '.join(configured_services + added_services) else: new_value = ' ' + ' '.join(added_services + configured_services) else: # Preserve not set, let's rewrite existing configuration new_value = ' ' + ' '.join(services) # Set new services as sources for database opts = [ conf.setOption(database, new_value), conf.emptyLine(), ] conf.changeConf(paths.NSSWITCH_CONF, opts) logger.info("Configured %s in %s", database, paths.NSSWITCH_CONF)