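def _remove_server_host_services(self, ldap, master):
    """
    Delete the server's Kerberos key and all of its service principals.

    Searches the subtree under ``self.api.env.basedn`` for entries whose
    ``krbprincipalname`` matches ``*/<master>@<realm>`` and deletes every
    match, longest DN first.

    :param ldap: LDAP backend object; must provide ``get_entries``,
        ``delete_entry`` and ``SCOPE_SUBTREE``
    :param master: host name of the server being removed

    The cleanup is best effort: ``errors.NotFound`` is ignored and any
    other exception is reported through ``self.add_message`` as a
    ``ServerRemovalWarning`` instead of being raised.
    """
    def escape_filter_value(value):
        # The search result drives deletions, so the interpolated values
        # must not be able to change the shape of the filter. Escape the
        # RFC 4515 metacharacters; the backslash goes first so the escapes
        # written for the other characters are not escaped again.
        text = '{}'.format(value)
        for char, replacement in (
                ('\\', '\\5c'),
                ('*', '\\2a'),
                ('(', '\\28'),
                (')', '\\29'),
                ('\x00', '\\00')):
            text = text.replace(char, replacement)
        return text

    try:
        principal_match = '(krbprincipalname=*/{}@{})'.format(
            escape_filter_value(master),
            escape_filter_value(self.api.env.realm))

        # do not delete ldap principal if server-del command
        # has been called on a machine which is being deleted
        # since this will break replication.
        # ldap principal to be cleaned later by topology plugin
        # necessary changes to a topology plugin are tracked
        # under https://pagure.io/freeipa/issue/7359
        if master == self.api.env.host:
            search_filter = '(&{}(!(krbprincipalname=ldap/*)))'.format(
                principal_match)
        else:
            search_filter = principal_match

        entries = ldap.get_entries(
            self.api.env.basedn, ldap.SCOPE_SUBTREE, filter=search_filter)

        if entries:
            # Longest DN first; presumably so that child entries are
            # removed before their parents - confirm against the DN type.
            entries.sort(key=lambda x: len(x.dn), reverse=True)
            for entry in entries:
                ldap.delete_entry(entry)
    except errors.NotFound:
        # Nothing matched: there is nothing to clean up.
        pass
    except Exception as e:
        # Deliberate best effort: surface the failure as a warning so the
        # operator knows principals/keys may have been left behind.
        self.add_message(
            messages.ServerRemovalWarning(
                message=_("Failed to cleanup server principals/keys: "
                          "%(err)s") % dict(err=e)))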
def remove_replica_public_keys(self, replica_fqdn):
    """
    Delete the public key entries stored in LDAP for a replica.

    The key label is built from ``replica_keylabel_template`` and the
    absolute, canonicalized, ASCII form of ``replica_fqdn``. Every
    ``ipaPublicKeyObject`` entry under ``cn=keys,cn=sec,cn=dns,<basedn>``
    that carries this label and has ``ipk11Wrap`` set is deleted.

    :param replica_fqdn: host name of the replica whose keys are removed
    """
    conn = api.Backend.ldap2
    keys_container = DN(
        ("cn", "keys"), ("cn", "sec"), ("cn", "dns"), api.env.basedn)

    replica_name = DNSName(replica_fqdn).make_absolute().canonicalize()
    label = replica_keylabel_template % replica_name.ToASCII()

    # Look up the keys currently stored for this label.
    key_filter = conn.make_filter(
        {
            "objectclass": u"ipaPublicKeyObject",
            "ipk11Label": label,
            "ipk11Wrap": True,
        },
        rules=conn.MATCH_ALL,
    )
    # NOTE(review): the truncation flag is discarded. If the search can be
    # cut short by a size or time limit, some key entries would stay in
    # LDAP after this call - confirm against the backend.
    stale_keys, _ = conn.find_entries(
        filter=key_filter, base_dn=keys_container)

    for stale_key in stale_keys:
        conn.delete_entry(stale_key)
def remove_replica_public_keys(self, replica_fqdn):
    """
    Remove a replica's public key objects from the DNS key store in LDAP.

    Entries are searched below ``cn=keys,cn=sec,cn=dns,<basedn>``; an
    entry is deleted when it is an ``ipaPublicKeyObject``, has
    ``ipk11Wrap`` set and its ``ipk11Label`` equals the label derived
    from ``replica_fqdn`` via ``replica_keylabel_template``.

    :param replica_fqdn: host name of the replica whose keys are removed
    """
    backend = api.Backend.ldap2
    search_base = DN(
        ('cn', 'keys'), ('cn', 'sec'), ('cn', 'dns'), api.env.basedn)

    # The label uses the absolute, canonical, ASCII spelling of the name.
    ascii_name = (
        DNSName(replica_fqdn).make_absolute().canonicalize().ToASCII()
    )
    keylabel = replica_keylabel_template % ascii_name

    # All three attributes have to match (MATCH_ALL).
    criteria = dict([
        ('objectclass', u"ipaPublicKeyObject"),
        ('ipk11Label', keylabel),
        ('ipk11Wrap', True),
    ])
    search_filter = backend.make_filter(criteria, rules=backend.MATCH_ALL)

    # NOTE(review): the second element of the result (truncation flag) is
    # not checked; whether a truncated search can leave key entries
    # behind depends on the backend's limits - confirm.
    matches, _ignored = backend.find_entries(
        filter=search_filter, base_dn=search_base)

    for key_entry in matches:
        backend.delete_entry(key_entry)
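def _remove_server_host_services(self, ldap, master):
    """
    Delete the server's Kerberos key and all of its service principals.

    Every entry under ``self.api.env.basedn`` whose ``krbprincipalname``
    matches ``*/<master>@<realm>`` is deleted, longest DN first. When
    ``master`` is the host this code runs on, the ``ldap/`` principal is
    left in place.

    :param ldap: LDAP backend object; must provide ``get_entries``,
        ``delete_entry`` and ``SCOPE_SUBTREE``
    :param master: host name of the server being removed

    The cleanup is best effort: ``errors.NotFound`` is ignored and any
    other exception becomes a ``ServerRemovalWarning`` message.
    """
    def escape_filter_value(value):
        # Neutralise the RFC 4515 filter metacharacters so that the host
        # name and realm are matched literally. The filter selects what
        # gets deleted, so it must not be widened by its inputs.
        # Backslash is handled first to avoid double escaping.
        text = '{}'.format(value)
        for char, replacement in (
                ('\\', '\\5c'),
                ('*', '\\2a'),
                ('(', '\\28'),
                (')', '\\29'),
                ('\x00', '\\00')):
            text = text.replace(char, replacement)
        return text

    try:
        search_filter = '(krbprincipalname=*/{}@{})'.format(
            escape_filter_value(master),
            escape_filter_value(self.api.env.realm))

        if master == self.api.env.host:
            # Deleting the ldap principal of the machine that is itself
            # being removed breaks replication, so keep it here; it is
            # meant to be cleaned up later by the topology plugin, see
            # https://pagure.io/freeipa/issue/7359
            search_filter = '(&{}(!(krbprincipalname=ldap/*)))'.format(
                search_filter)

        entries = ldap.get_entries(
            self.api.env.basedn, ldap.SCOPE_SUBTREE, filter=search_filter)

        if entries:
            # Longest DN first; presumably so that child entries are
            # removed before their parents - confirm against the DN type.
            entries.sort(key=lambda x: len(x.dn), reverse=True)
            for entry in entries:
                ldap.delete_entry(entry)
    except errors.NotFound:
        # No principals found for this server.
        pass
    except Exception as e:
        # Best effort by design: report, do not abort the removal.
        self.add_message(
            messages.ServerRemovalWarning(
                message=_("Failed to cleanup server principals/keys: "
                          "%(err)s") % dict(err=e)))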
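def _remove_server_host_services(self, ldap, master):
    """
    Delete the server's Kerberos key and all of its service principals.

    Looks up, in the subtree below ``self.api.env.basedn``, the entries
    whose ``krbprincipalname`` matches ``*/<master>@<realm>`` and deletes
    them, longest DN first. The ``ldap/`` principal is excluded when
    ``master`` equals ``self.api.env.host``.

    :param ldap: LDAP backend object; must provide ``get_entries``,
        ``delete_entry`` and ``SCOPE_SUBTREE``
    :param master: host name of the server being removed

    Errors do not propagate: ``errors.NotFound`` is ignored, anything
    else is added as a ``ServerRemovalWarning`` message.
    """
    # RFC 4515 filter metacharacters and their escaped forms. Backslash
    # comes first so the escapes produced for the others stay intact.
    filter_escapes = (
        ('\\', '\\5c'),
        ('*', '\\2a'),
        ('(', '\\28'),
        (')', '\\29'),
        ('\x00', '\\00'),
    )

    def literal(value):
        # This filter decides which entries get deleted, so the host name
        # and realm are inserted as literal values only.
        text = '{}'.format(value)
        for char, replacement in filter_escapes:
            text = text.replace(char, replacement)
        return text

    try:
        host_part = literal(master)
        realm_part = literal(self.api.env.realm)

        # do not delete ldap principal if server-del command
        # has been called on a machine which is being deleted
        # since this will break replication.
        # ldap principal to be cleaned later by topology plugin
        # necessary changes to a topology plugin are tracked
        # under https://pagure.io/freeipa/issue/7359
        if master == self.api.env.host:
            search_filter = (
                '(&(krbprincipalname=*/{}@{})'
                '(!(krbprincipalname=ldap/*)))'
                .format(host_part, realm_part)
            )
        else:
            search_filter = '(krbprincipalname=*/{}@{})'.format(
                host_part, realm_part
            )

        entries = ldap.get_entries(
            self.api.env.basedn,
            ldap.SCOPE_SUBTREE,
            filter=search_filter
        )

        if entries:
            # Longest DN first; presumably so that child entries are
            # removed before their parents - confirm against the DN type.
            entries.sort(key=lambda x: len(x.dn), reverse=True)
            for entry in entries:
                ldap.delete_entry(entry)
    except errors.NotFound:
        # The search matched nothing, so there is nothing to delete.
        pass
    except Exception as e:
        # Kept as a warning on purpose: server removal continues, but the
        # operator is told that principals/keys may remain.
        self.add_message(
            messages.ServerRemovalWarning(
                message=_("Failed to cleanup server principals/keys: "
                          "%(err)s") % dict(err=e)))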