コード例 #1
ファイル: server.py プロジェクト: zhoubh/freeipa
    def _remove_server_host_services(self, ldap, master):
        """
        Delete the Kerberos principal entries registered for ``master``.

        Searches the subtree under ``api.env.basedn`` for entries whose
        ``krbprincipalname`` matches ``*/<master>@<realm>`` and deletes every
        hit, longest DN first.  ``errors.NotFound`` is ignored; any other
        exception is reported to the caller as a ``ServerRemovalWarning``
        message instead of being raised.

        :param ldap: LDAP backend used for the search and the deletions
        :param master: host name of the server being removed
        """
        def dn_length(entry):
            return len(entry.dn)

        try:
            env = self.api.env
            # When server-del runs on the very machine that is being
            # deleted, the ldap/ principal is left out of the search:
            # deleting it would break replication.  It is meant to be
            # cleaned up later by the topology plugin; the plugin changes
            # needed for that are tracked under
            # https://pagure.io/freeipa/issue/7359
            if master == env.host:
                template = ('(&(krbprincipalname=*/{}@{})'
                            '(!(krbprincipalname=ldap/*)))')
            else:
                template = '(krbprincipalname=*/{}@{})'
            # NOTE(review): master and realm go into the filter unescaped.
            # This relies on the caller having validated master as a host
            # name; filter metacharacters would change which entries match
            # and are deleted below -- confirm against the caller.
            search_filter = template.format(master, env.realm)

            entries = ldap.get_entries(
                env.basedn, ldap.SCOPE_SUBTREE, filter=search_filter)
            if not entries:
                return

            # Longest DN first -- presumably so that child entries are
            # removed before their parents.
            entries.sort(key=dn_length, reverse=True)
            for entry in entries:
                ldap.delete_entry(entry)
        except errors.NotFound:
            pass
        except Exception as exc:
            # Cleanup is best effort: surface the failure as a warning on
            # the command result rather than aborting the removal.
            warning_text = _("Failed to cleanup server principals/keys: "
                             "%(err)s") % dict(err=exc)
            self.add_message(
                messages.ServerRemovalWarning(message=warning_text))
コード例 #2
ファイル: dnskeysyncinstance.py プロジェクト: pspacek/freeipa
 def remove_replica_public_keys(self, replica_fqdn):
     """Delete a replica's wrapping public keys from LDAP.

     Looks under ``cn=keys,cn=sec,cn=dns,<basedn>`` for
     ``ipaPublicKeyObject`` entries that have ``ipk11Wrap`` set and whose
     ``ipk11Label`` equals the key label derived from ``replica_fqdn``,
     then deletes each entry found.

     :param replica_fqdn: host name of the replica whose keys are removed
     """
     conn = api.Backend.ldap2
     keys_dn = DN(("cn", "keys"), ("cn", "sec"), ("cn", "dns"), api.env.basedn)

     # The label is built from the absolute, canonicalized, ASCII form of
     # the replica name, so spelling variants of the same host name map to
     # one label.
     replica_name = DNSName(replica_fqdn).make_absolute().canonicalize().ToASCII()
     keylabel = replica_keylabel_template % replica_name

     # The filter is assembled by make_filter from a dict instead of by
     # string formatting; every criterion has to match (MATCH_ALL).
     criteria = {
         "objectclass": u"ipaPublicKeyObject",
         "ipk11Label": keylabel,
         "ipk11Wrap": True,
     }
     key_filter = conn.make_filter(criteria, rules=conn.MATCH_ALL)

     # NOTE(review): the truncation flag is discarded.  If the search were
     # cut short by a limit, the remaining keys would survive this call --
     # confirm the limits that apply here.
     old_keys, _ = conn.find_entries(filter=key_filter, base_dn=keys_dn)
     for old_key in old_keys:
         conn.delete_entry(old_key)
コード例 #3
 def remove_replica_public_keys(self, replica_fqdn):
     """Remove the public keys registered in LDAP for ``replica_fqdn``.

     Every ``ipaPublicKeyObject`` entry below
     ``cn=keys,cn=sec,cn=dns,<basedn>`` that carries ``ipk11Wrap`` and the
     replica's key label is deleted.
     """
     backend = api.Backend.ldap2
     search_base = DN(
         ('cn', 'keys'), ('cn', 'sec'), ('cn', 'dns'), api.env.basedn)

     # Normalize the host name (absolute, canonical, ASCII) before it is
     # substituted into the label template.
     normalized = DNSName(replica_fqdn).make_absolute().canonicalize()
     keylabel = replica_keylabel_template % normalized.ToASCII()

     # Find the replica's old keys.  All three attributes must match.
     wanted = dict([
         ('objectclass', u"ipaPublicKeyObject"),
         ('ipk11Label', keylabel),
         ('ipk11Wrap', True),
     ])
     ldap_filter = backend.make_filter(wanted, rules=backend.MATCH_ALL)

     # NOTE(review): a truncated result is not detected here, so a search
     # limit could leave some of the replica's keys in place -- verify.
     matches, _truncated = backend.find_entries(
         filter=ldap_filter, base_dn=search_base)
     for match in matches:
         backend.delete_entry(match)
コード例 #4
ファイル: dnskeysyncinstance.py プロジェクト: LiptonB/freeipa
 def remove_replica_public_keys(self, replica_fqdn):
     """Delete the LDAP public-key entries that belong to a replica.

     The search is limited to ``cn=keys,cn=sec,cn=dns,<basedn>`` and to
     ``ipaPublicKeyObject`` entries with ``ipk11Wrap`` set whose
     ``ipk11Label`` is the label computed for ``replica_fqdn``.

     :param replica_fqdn: fully qualified name of the replica
     """
     ldap_conn = api.Backend.ldap2

     # Key label for this replica, from its absolute canonical ASCII name.
     fqdn_ascii = (
         DNSName(replica_fqdn).make_absolute().canonicalize().ToASCII()
     )
     keylabel = replica_keylabel_template % fqdn_ascii

     # Collect the replica's old keys: object class, label and wrap flag
     # must all match.
     entry_filter = ldap_conn.make_filter(
         {
             'objectclass': u"ipaPublicKeyObject",
             'ipk11Label': keylabel,
             'ipk11Wrap': True,
         },
         rules=ldap_conn.MATCH_ALL,
     )
     container_dn = DN(
         ('cn', 'keys'), ('cn', 'sec'), ('cn', 'dns'), api.env.basedn
     )
     # NOTE(review): the second element (truncation flag) is unused; if a
     # search limit applied, leftover keys would not be reported -- confirm.
     stale_keys, _truncated = ldap_conn.find_entries(
         filter=entry_filter, base_dn=container_dn
     )
     for stale_key in stale_keys:
         ldap_conn.delete_entry(stale_key)
コード例 #5
ファイル: server.py プロジェクト: LiptonB/freeipa
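    def _remove_server_host_services(self, ldap, master):
        """
        Delete the server's Kerberos key and all its service principals.

        Searches the subtree under ``api.env.basedn`` for entries whose
        ``krbprincipalname`` matches ``*/<master>@<realm>`` and deletes them,
        longest DN first.  ``errors.NotFound`` is ignored; any other
        exception is turned into a ``ServerRemovalWarning`` message.

        :param ldap: LDAP backend used for the search and the deletions
        :param master: host name of the server being removed
        """
        try:
            # NOTE(review): master and realm are interpolated unescaped.
            # This relies on the caller having validated master as a host
            # name; filter metacharacters would widen or change the set of
            # entries deleted below -- confirm against the caller.
            principal_filter = '(krbprincipalname=*/{}@{})'.format(
                master, self.api.env.realm)

            # Do not delete the ldap/ principal when server-del is run on
            # the machine that is itself being deleted: that would break
            # replication.  The ldap/ principal is left for the topology
            # plugin to clean up; the plugin changes are tracked under
            # https://pagure.io/freeipa/issue/7359
            if master == self.api.env.host:
                principal_filter = (
                    '(&{}(!(krbprincipalname=ldap/*)))'.format(
                        principal_filter))

            entries = ldap.get_entries(
                self.api.env.basedn, ldap.SCOPE_SUBTREE,
                filter=principal_filter)

            if entries:
                # Longest DN first -- presumably so children are removed
                # before their parents.
                entries.sort(key=lambda x: len(x.dn), reverse=True)
                for entry in entries:
                    ldap.delete_entry(entry)
        except errors.NotFound:
            pass
        except Exception as e:
            # Best effort: report the failure as a warning instead of
            # aborting the server removal.
            self.add_message(
                messages.ServerRemovalWarning(
                    message=_("Failed to cleanup server principals/keys: "
                              "%(err)s") % dict(err=e)))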
コード例 #6
ファイル: server.py プロジェクト: wanglu119/freeipa
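    def _remove_server_host_services(self, ldap, master):
        """
        Delete the server's Kerberos key and all its service principals.

        Entries under ``api.env.basedn`` whose ``krbprincipalname`` matches
        ``*/<master>@<realm>`` are deleted, longest DN first.  A
        ``errors.NotFound`` is swallowed; every other exception becomes a
        ``ServerRemovalWarning`` message on the command result.

        :param ldap: LDAP backend used for the search and the deletions
        :param master: host name of the server being removed
        """
        try:
            # When server-del is called on the machine which is being
            # deleted, keep its ldap/ principal: deleting it would break
            # replication.  It is to be cleaned up later by the topology
            # plugin (tracked under https://pagure.io/freeipa/issue/7359).
            if master == self.api.env.host:
                template = ('(&(krbprincipalname=*/{}@{})'
                            '(!(krbprincipalname=ldap/*)))')
            else:
                template = '(krbprincipalname=*/{}@{})'

            # NOTE(review): the values are formatted into the filter
            # without escaping; this assumes master was validated as a
            # host name upstream, because the matches are deleted -- confirm.
            search_filter = template.format(master, self.api.env.realm)

            entries = ldap.get_entries(
                self.api.env.basedn, ldap.SCOPE_SUBTREE,
                filter=search_filter)

            if entries:
                # Deepest (longest) DNs go first -- presumably so that
                # children are deleted before their parents.
                entries.sort(key=lambda x: len(x.dn), reverse=True)
                for entry in entries:
                    ldap.delete_entry(entry)
        except errors.NotFound:
            pass
        except Exception as e:
            # Cleanup failures are reported, not raised.
            self.add_message(
                messages.ServerRemovalWarning(
                    message=_("Failed to cleanup server principals/keys: "
                              "%(err)s") % dict(err=e)))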
コード例 #7
ファイル: server.py プロジェクト: encukou/freeipa
    def _remove_server_host_services(self, ldap, master):
        """
        Remove the Kerberos principals that belong to the server ``master``.

        All entries below ``api.env.basedn`` with a ``krbprincipalname`` of
        the form ``*/<master>@<realm>`` are looked up and deleted, longest
        DN first.  ``errors.NotFound`` is silently ignored and any other
        exception is converted into a ``ServerRemovalWarning`` message.

        :param ldap: LDAP backend used for the search and the deletions
        :param master: host name of the server being removed
        """
        try:
            env = self.api.env
            removing_local_server = master == env.host
            # The ldap/ principal must survive when server-del has been
            # called on the machine which is being deleted, since removing
            # it breaks replication.  It is cleaned up later by the
            # topology plugin; the required plugin changes are tracked
            # under https://pagure.io/freeipa/issue/7359
            pattern = (
                '(&(krbprincipalname=*/{}@{})'
                '(!(krbprincipalname=ldap/*)))'
            ) if removing_local_server else '(krbprincipalname=*/{}@{})'
            # NOTE(review): no filter escaping is applied to master or the
            # realm.  Presumably master is already a validated host name;
            # verify, because whatever this filter matches is deleted.
            principal_filter = pattern.format(master, env.realm)

            entries = ldap.get_entries(
                env.basedn, ldap.SCOPE_SUBTREE, filter=principal_filter
            )

            if entries:
                # Sort by descending DN length -- presumably to delete
                # children ahead of their parents.
                entries.sort(key=lambda found: len(found.dn), reverse=True)
                for found in entries:
                    ldap.delete_entry(found)
        except errors.NotFound:
            pass
        except Exception as err:
            # Report the problem as a warning; the removal itself goes on.
            warning = messages.ServerRemovalWarning(
                message=_("Failed to cleanup server principals/keys: "
                          "%(err)s") % dict(err=err))
            self.add_message(warning)