diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py --- a/pykolab/setup/setup_ldap.py +++ b/pykolab/setup/setup_ldap.py @@ -19,6 +19,8 @@ from __future__ import print_function +import sys + import ldap import ldap.modlist import os @@ -167,7 +169,7 @@ # Pre-execution checks for path, directories, files in os.walk('/etc/dirsrv/'): for direct in directories: - if direct.startswith('slapd-'): + if direct.startswith('slapd-') and not direct.endswith('.removed'): print(utils.multiline_message( _(""" It seems 389 Directory Server has an existing 
@@ -318,148 +320,60 @@ # TODO: Loudly complain if the fqdn does not resolve back to this system. - # CentOS 8 for now + # CentOS 8 for now, also Debian buster/bullseye, Ubuntu 20.04/22.04 + """ + Check first for setup tool and exit, before writing into /tmp files with password + """ + """ + OBSOLETE Warning + dscreate will replace setup-ds*.pl + dscreate use lib389, which is python3.x only + admin package will be replaced by cockpit package + sample_entries = 001003006 # used as kolab server schema + dscreate beta still delivered with setup-ds*.pl + """ dscreate_found = os.path.isfile("/usr/sbin/dscreate") - if dscreate_found: + setup_ds_admin = None + """If Perl Script exist, dscreate is beta""" + if os.path.isfile("/usr/sbin/setup-ds-admin.pl"): + setup_ds_admin = "/usr/sbin/setup-ds-admin.pl" + elif os.path.isfile("/usr/sbin/setup-ds-admin"): + setup_ds_admin = "/usr/sbin/setup-ds-admin" + elif os.path.isfile("/usr/sbin/setup-ds.pl"): + setup_ds_admin = "/usr/sbin/setup-ds.pl" + elif os.path.isfile("/usr/sbin/setup-ds"): + setup_ds_admin = "/usr/sbin/setup-ds" + elif dscreate_found and setup_ds_admin is None and sys.version_info.major >= 3: + setup_ds_admin = "/usr/sbin/dscreate" + dscreate = True + else: + log.error(_("No directory server setup tool available.")) + sys.exit(1) + + if dscreate: data = """ [general] -FullMachineName = %(fqdn)s +config_version = 2 +full_machine_name = %(fqdn)s SuiteSpotUserID = %(userid)s SuiteSpotGroup = %(group)s -AdminDomain = %(domain)s -ConfigDirectoryLdapURL = ldap://%(fqdn)s:389/o=NetscapeRoot -ConfigDirectoryAdminID = admin -ConfigDirectoryAdminPwd = %(admin_pass)s -full_machine_name = %(fqdn)s [slapd] -SlapdConfigForMC = Yes -UseExistingMC = 0 -ServerPort = 389 -ServerIdentifier = %(hostname)s -Suffix = %(rootdn)s +instance_name = %(hostname)s +port = 389 +root_password = %(dirmgr_pass)s RootDN = cn=Directory Manager RootDNPwd = %(dirmgr_pass)s ds_bename = %(nodotdomain)s AddSampleEntries = No -instance_name = 
%(hostname)s root_password = %(dirmgr_pass)s create_suffix_entry = True [backend-userroot] suffix = %(rootdn)s -create_suffix_entry = True - -[admin] -Port = 9830 -ServerAdminID = admin -ServerAdminPwd = %(admin_pass)s - """ % (_input) - - (fp, filename) = tempfile.mkstemp(dir="/tmp/") - os.write(fp, bytes(data.encode("UTF-8"))) - os.close(fp) - - command = [ - 'dscreate', - 'from-file', - filename - ] - - print(utils.multiline_message( - _(""" - Setup is now going to set up the 389 Directory Server. This - may take a little while (during which period there is no - output and no progress indication). - """) - ), file=sys.stderr) - - log.info(_("Setting up 389 Directory Server")) - - setup_389 = subprocess.Popen( - command, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE - ) - - (stdoutdata, stderrdata) = setup_389.communicate() - - if not setup_389.returncode == 0: - print(utils.multiline_message( - _(""" - An error was detected in the setup procedure for 389 - Directory Server. This setup will write out stderr and - stdout to /var/log/kolab/setup.error.log and - /var/log/kolab/setup.out.log respectively, before it - exits. - """) - ), file=sys.stderr) - - fp = open('/var/log/kolab/setup.error.log', 'w') - fp.write(utils.ensure_str(stderrdata, 'latin-1')) - fp.close() - - fp = open('/var/log/kolab/setup.out.log', 'w') - fp.write(utils.ensure_str(stdoutdata, 'latin-1')) - fp.close() - - log.debug(_("Setup DS stdout:"), level=8) - log.debug(stdoutdata, level=8) - - log.debug(_("Setup DS stderr:"), level=8) - log.debug(stderrdata, level=8) - - if not setup_389.returncode == 0: - sys.exit(1) - - # dscreate does not seem to do this, but the old setup-ds did. 
- template = open('/usr/share/dirsrv/data/template.ldif', 'r').read().replace('%ds_suffix%', _input['rootdn']).replace('%rootdn%', 'cn=Directory Manager') - (fp, filename) = tempfile.mkstemp(dir="/tmp/") - os.write(fp, bytes(template.encode("UTF-8"))) - os.close(fp) - - command = [ - 'ldapadd', - '-x', - '-H', 'ldap://127.0.0.1:389/', - '-D', "cn=Directory Manager", - '-w', _input['dirmgr_pass'], - '-f', filename - ] - - ldapadd = subprocess.Popen( - command, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE - ) - - (stdoutdata, stderrdata) = ldapadd.communicate() - - if not ldapadd.returncode == 0: - print(utils.multiline_message( - _(""" - An error was detected in the setup procedure during ldapadd for 389 - Directory Server. This setup will write out stderr and - stdout to /var/log/kolab/setup.error.log and - /var/log/kolab/setup.out.log respectively, before it - exits. - """) - ), file=sys.stderr) - - fp = open('/var/log/kolab/setup.error.log', 'w') - fp.write(stderrdata) - fp.close() - - fp = open('/var/log/kolab/setup.out.log', 'w') - fp.write(stdoutdata) - fp.close() - - log.debug(_("Setup DS stdout:"), level=8) - log.debug(stdoutdata, level=8) - - log.debug(_("Setup DS stderr:"), level=8) - log.debug(stderrdata, level=8) - +sample_entries = 001003006 +require_index = yes + """ % (_input) else: data = """ [General] 
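Review bot: `dscreate` is assigned only in the branch that selects `/usr/sbin/dscreate`, so when one of the four Perl setup scripts is found, the following `if dscreate:` reads a name that was never bound and raises a NameError unless it is initialised somewhere outside this hunk. The same name is tested again by `if dscreate:` in the `@@ -489,22` hunk and by `if not dscreate:` in the `@@ -803,7` hunk. Initialise it with the other default by adding `dscreate = False` right after `setup_ds_admin = None`. The `setup_ds_admin is None` test in the dscreate `elif` is always true at that point, and the bare triple-quoted strings above the check are expression statements that would read better as `#` comments. The enclosing function starts and ends outside the hunk.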
@@ -489,22 +403,21 @@ ServerAdminPwd = %(admin_pass)s """ % (_input) - (fp, filename) = tempfile.mkstemp(dir="/tmp/") - os.write(fp, bytes(data.encode("UTF-8"))) - os.close(fp) - - if os.path.isfile("/usr/sbin/setup-ds-admin.pl"): - setup_ds_admin = "/usr/sbin/setup-ds-admin.pl" - elif os.path.isfile("/usr/sbin/setup-ds-admin"): - setup_ds_admin = "/usr/sbin/setup-ds-admin" - elif os.path.isfile("/usr/sbin/setup-ds.pl"): - setup_ds_admin = "/usr/sbin/setup-ds.pl" - elif os.path.isfile("/usr/sbin/setup-ds"): - setup_ds_admin = "/usr/sbin/setup-ds" - else: - log.error(_("No directory server setup tool available.")) - sys.exit(1) + (fp, filename) = tempfile.mkstemp(dir="/tmp/") + os.write(fp, bytes(data.encode("UTF-8"))) + os.close(fp) + if dscreate: + log.info(setup_ds_admin) + command = [ + setup_ds_admin, + '-v', + 'from-file', + filename + ] + + else: + log.info(setup_ds_admin) command = [ setup_ds_admin, '--debug', 
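Review bot: The answer file created by `tempfile.mkstemp(dir="/tmp/")` holds the Directory Manager password (`root_password`, `RootDNPwd`) or, in the other template, `ServerAdminPwd`, and nothing visible between here and `# Find the kolab schema` in the next hunk removes it. It therefore stays in /tmp after a successful run and also when the failure path calls `sys.exit(1)`. mkstemp creates the file owner-only, which limits who can read it but still leaves the secret on disk. Wrap the run in the next hunk as `try: (stdoutdata, stderrdata) = setup_389.communicate()` followed by `finally: os.unlink(filename)`. The enclosing function continues outside the hunk, so confirm there is no later cleanup before adding one.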
@@ -513,51 +426,51 @@ '--file=%s' % (filename) ] - print(utils.multiline_message( - _(""" - Setup is now going to set up the 389 Directory Server. This - may take a little while (during which period there is no - output and no progress indication). - """) - ), file=sys.stderr) + print(utils.multiline_message( + _(""" + Setup is now going to set up the 389 Directory Server. This + may take a little while (during which period there is no + output and no progress indication). + """) + ), file=sys.stderr) - log.info(_("Setting up 389 Directory Server")) + log.info(_("Setting up 389 Directory Server")) - setup_389 = subprocess.Popen( - command, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE - ) + setup_389 = subprocess.Popen( + command, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE + ) - (stdoutdata, stderrdata) = setup_389.communicate() + (stdoutdata, stderrdata) = setup_389.communicate() - if not setup_389.returncode == 0: - print(utils.multiline_message( - _(""" - An error was detected in the setup procedure for 389 - Directory Server. This setup will write out stderr and - stdout to /var/log/kolab/setup.error.log and - /var/log/kolab/setup.out.log respectively, before it - exits. - """) - ), file=sys.stderr) + if not setup_389.returncode == 0: + print(utils.multiline_message( + _(""" + An error was detected in the setup procedure for 389 + Directory Server. This setup will write out stderr and + stdout to /var/log/kolab/setup.error.log and + /var/log/kolab/setup.out.log respectively, before it + exits. 
+ """) + ), file=sys.stderr) - fp = open('/var/log/kolab/setup.error.log', 'w') - fp.write(stderrdata) - fp.close() + fp = open('/var/log/kolab/setup.error.log', 'w') + fp.write(utils.ensure_str(stderrdata)) + fp.close() - fp = open('/var/log/kolab/setup.out.log', 'w') - fp.write(stdoutdata) - fp.close() + fp = open('/var/log/kolab/setup.out.log', 'w') + fp.write(utils.ensure_str(stdoutdata)) + fp.close() - log.debug(_("Setup DS stdout:"), level=8) - log.debug(stdoutdata, level=8) + log.debug(_("Setup DS stdout:"), level=8) + log.debug(stdoutdata, level=8) - log.debug(_("Setup DS stderr:"), level=8) - log.debug(stderrdata, level=8) + log.debug(_("Setup DS stderr:"), level=8) + log.debug(stderrdata, level=8) - if not setup_389.returncode == 0: - sys.exit(1) + if not setup_389.returncode == 0: + sys.exit(1) # Find the kolab schema. It's installed as %doc in the kolab-schema package. # TODO: Chown nobody, nobody, chmod 440 @@ -803,7 +716,7 @@ dn = "cn=Account Policy Plugin,cn=plugins,cn=config" modlist = [] modlist.append((ldap.MOD_REPLACE, "nsslapd-pluginEnabled", b"on")) - if not dscreate_found: + if not dscreate: modlist.append((ldap.MOD_ADD, "nsslapd-pluginarg0", b"cn=config,cn=Account Policy Plugin,cn=plugins,cn=config")) auth._auth.ldap.modify_s(dn, modlist)
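Review bot: The failure path now calls `utils.ensure_str(stderrdata)` and `utils.ensure_str(stdoutdata)` without the `'latin-1'` argument that the removed dscreate branch passed. The default codec of `ensure_str` is not visible here; if it decodes strictly, a non-UTF-8 byte in the tool output would raise inside the error handler and hide the real setup failure. Keeping the explicit codec, `fp.write(utils.ensure_str(stderrdata, 'latin-1'))`, avoids that. The two log files are opened with a plain `open(..., 'w')`, so they get default permissions and stay open if the write raises. Since the tool runs with `-v` or `--debug`, it is worth confirming that its output carries no credentials, and writing the files through `with open(...)` after creating them with a restrictive mode.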