pykolab/setup/setup_ldap.py
Context not available. | |||||
from __future__ import print_function | from __future__ import print_function | ||||
import sys | |||||
import ldap | import ldap | ||||
import ldap.modlist | import ldap.modlist | ||||
import os | import os | ||||
Context not available. | |||||
# Pre-execution checks | # Pre-execution checks | ||||
for path, directories, files in os.walk('/etc/dirsrv/'): | for path, directories, files in os.walk('/etc/dirsrv/'): | ||||
for direct in directories: | for direct in directories: | ||||
if direct.startswith('slapd-'): | if direct.startswith('slapd-') and not direct.endswith('.removed'): | ||||
print(utils.multiline_message( | print(utils.multiline_message( | ||||
_(""" | _(""" | ||||
It seems 389 Directory Server has an existing | It seems 389 Directory Server has an existing | ||||
Context not available. | |||||
# TODO: Loudly complain if the fqdn does not resolve back to this system. | # TODO: Loudly complain if the fqdn does not resolve back to this system. | ||||
# CentOS 8 for now | # CentOS 8 for now, also Debian buster/bullseye, Ubuntu 20.04/22.04 | ||||
""" | |||||
Check first for setup tool and exit, before writing into /tmp files with password | |||||
""" | |||||
""" | |||||
OBSOLETE Warning | |||||
dscreate will replace setup-ds*.pl | |||||
dscreate use lib389, which is python3.x only | |||||
admin package will be replaced by cockpit package | |||||
sample_entries = 001003006 # used as kolab server schema | |||||
dscreate beta still delivered with setup-ds*.pl | |||||
""" | |||||
dscreate_found = os.path.isfile("/usr/sbin/dscreate") | dscreate_found = os.path.isfile("/usr/sbin/dscreate") | ||||
if dscreate_found: | setup_ds_admin = None | ||||
"""If Perl Script exist, dscreate is beta""" | |||||
if os.path.isfile("/usr/sbin/setup-ds-admin.pl"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds-admin.pl" | |||||
elif os.path.isfile("/usr/sbin/setup-ds-admin"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds-admin" | |||||
elif os.path.isfile("/usr/sbin/setup-ds.pl"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds.pl" | |||||
elif os.path.isfile("/usr/sbin/setup-ds"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds" | |||||
elif dscreate_found and setup_ds_admin is None and sys.version_info.major >= 3: | |||||
setup_ds_admin = "/usr/sbin/dscreate" | |||||
dscreate = True | |||||
else: | |||||
log.error(_("No directory server setup tool available.")) | |||||
sys.exit(1) | |||||
if dscreate: | |||||
data = """ | data = """ | ||||
[general] | [general] | ||||
FullMachineName = %(fqdn)s | config_version = 2 | ||||
full_machine_name = %(fqdn)s | |||||
SuiteSpotUserID = %(userid)s | SuiteSpotUserID = %(userid)s | ||||
SuiteSpotGroup = %(group)s | SuiteSpotGroup = %(group)s | ||||
AdminDomain = %(domain)s | AdminDomain = %(domain)s | ||||
Context not available. | |||||
full_machine_name = %(fqdn)s | full_machine_name = %(fqdn)s | ||||
[slapd] | [slapd] | ||||
SlapdConfigForMC = Yes | instance_name = %(hostname)s | ||||
UseExistingMC = 0 | port = 389 | ||||
ServerPort = 389 | root_password = %(dirmgr_pass)s | ||||
ServerIdentifier = %(hostname)s | |||||
Suffix = %(rootdn)s | |||||
RootDN = cn=Directory Manager | RootDN = cn=Directory Manager | ||||
RootDNPwd = %(dirmgr_pass)s | RootDNPwd = %(dirmgr_pass)s | ||||
ds_bename = %(nodotdomain)s | ds_bename = %(nodotdomain)s | ||||
Context not available. | |||||
[backend-userroot] | [backend-userroot] | ||||
suffix = %(rootdn)s | suffix = %(rootdn)s | ||||
create_suffix_entry = True | sample_entries = 001003006 #old Netscape server schema | ||||
require_index = yes | |||||
[admin] | """ % (_input) | ||||
Port = 9830 | |||||
ServerAdminID = admin | |||||
ServerAdminPwd = %(admin_pass)s | |||||
""" % (_input) | |||||
(fp, filename) = tempfile.mkstemp(dir="/tmp/") | |||||
os.write(fp, bytes(data.encode("UTF-8"))) | |||||
os.close(fp) | |||||
command = [ | |||||
'dscreate', | |||||
'from-file', | |||||
filename | |||||
] | |||||
print(utils.multiline_message( | |||||
_(""" | |||||
Setup is now going to set up the 389 Directory Server. This | |||||
may take a little while (during which period there is no | |||||
output and no progress indication). | |||||
""") | |||||
), file=sys.stderr) | |||||
log.info(_("Setting up 389 Directory Server")) | |||||
setup_389 = subprocess.Popen( | |||||
command, | |||||
stdout=subprocess.PIPE, | |||||
stderr=subprocess.PIPE | |||||
) | |||||
(stdoutdata, stderrdata) = setup_389.communicate() | |||||
if not setup_389.returncode == 0: | |||||
print(utils.multiline_message( | |||||
_(""" | |||||
An error was detected in the setup procedure for 389 | |||||
Directory Server. This setup will write out stderr and | |||||
stdout to /var/log/kolab/setup.error.log and | |||||
/var/log/kolab/setup.out.log respectively, before it | |||||
exits. | |||||
""") | |||||
), file=sys.stderr) | |||||
fp = open('/var/log/kolab/setup.error.log', 'w') | |||||
fp.write(utils.ensure_str(stderrdata, 'latin-1')) | |||||
fp.close() | |||||
fp = open('/var/log/kolab/setup.out.log', 'w') | |||||
fp.write(utils.ensure_str(stdoutdata, 'latin-1')) | |||||
fp.close() | |||||
log.debug(_("Setup DS stdout:"), level=8) | |||||
log.debug(stdoutdata, level=8) | |||||
log.debug(_("Setup DS stderr:"), level=8) | |||||
log.debug(stderrdata, level=8) | |||||
if not setup_389.returncode == 0: | |||||
sys.exit(1) | |||||
# dscreate does not seem to do this, but the old setup-ds did. | |||||
template = open('/usr/share/dirsrv/data/template.ldif', 'r').read().replace('%ds_suffix%', _input['rootdn']).replace('%rootdn%', 'cn=Directory Manager') | |||||
(fp, filename) = tempfile.mkstemp(dir="/tmp/") | |||||
os.write(fp, bytes(template.encode("UTF-8"))) | |||||
os.close(fp) | |||||
command = [ | |||||
'ldapadd', | |||||
'-x', | |||||
'-H', 'ldap://127.0.0.1:389/', | |||||
'-D', "cn=Directory Manager", | |||||
'-w', _input['dirmgr_pass'], | |||||
'-f', filename | |||||
] | |||||
ldapadd = subprocess.Popen( | |||||
command, | |||||
stdout=subprocess.PIPE, | |||||
stderr=subprocess.PIPE | |||||
) | |||||
(stdoutdata, stderrdata) = ldapadd.communicate() | |||||
if not ldapadd.returncode == 0: | |||||
print(utils.multiline_message( | |||||
_(""" | |||||
An error was detected in the setup procedure during ldapadd for 389 | |||||
Directory Server. This setup will write out stderr and | |||||
stdout to /var/log/kolab/setup.error.log and | |||||
/var/log/kolab/setup.out.log respectively, before it | |||||
exits. | |||||
""") | |||||
), file=sys.stderr) | |||||
fp = open('/var/log/kolab/setup.error.log', 'w') | |||||
fp.write(stderrdata) | |||||
fp.close() | |||||
fp = open('/var/log/kolab/setup.out.log', 'w') | |||||
fp.write(stdoutdata) | |||||
fp.close() | |||||
log.debug(_("Setup DS stdout:"), level=8) | |||||
log.debug(stdoutdata, level=8) | |||||
log.debug(_("Setup DS stderr:"), level=8) | |||||
log.debug(stderrdata, level=8) | |||||
else: | else: | ||||
data = """ | data = """ | ||||
[General] | [General] | ||||
Context not available. | |||||
os.write(fp, bytes(data.encode("UTF-8"))) | os.write(fp, bytes(data.encode("UTF-8"))) | ||||
os.close(fp) | os.close(fp) | ||||
if os.path.isfile("/usr/sbin/setup-ds-admin.pl"): | if dscreate: | ||||
setup_ds_admin = "/usr/sbin/setup-ds-admin.pl" | log.info(setup_ds_admin) | ||||
elif os.path.isfile("/usr/sbin/setup-ds-admin"): | command = [ | ||||
setup_ds_admin = "/usr/sbin/setup-ds-admin" | |||||
elif os.path.isfile("/usr/sbin/setup-ds.pl"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds.pl" | |||||
elif os.path.isfile("/usr/sbin/setup-ds"): | |||||
setup_ds_admin = "/usr/sbin/setup-ds" | |||||
else: | |||||
log.error(_("No directory server setup tool available.")) | |||||
sys.exit(1) | |||||
command = [ | |||||
setup_ds_admin, | setup_ds_admin, | ||||
'--debug', | '-v', | ||||
'--silent', | 'from-file', | ||||
'--force', | filename | ||||
'--file=%s' % (filename) | |||||
] | ] | ||||
else: | |||||
log.info(setup_ds_admin) | |||||
command = [ | |||||
setup_ds_admin, | |||||
'--debug', | |||||
'--silent', | |||||
'--force', | |||||
'--file=%s' % (filename) | |||||
] | |||||
print(utils.multiline_message( | print(utils.multiline_message( | ||||
_(""" | _(""" | ||||
Setup is now going to set up the 389 Directory Server. This | Setup is now going to set up the 389 Directory Server. This | ||||
Context not available. | |||||
), file=sys.stderr) | ), file=sys.stderr) | ||||
fp = open('/var/log/kolab/setup.error.log', 'w') | fp = open('/var/log/kolab/setup.error.log', 'w') | ||||
fp.write(stderrdata) | fp.write(utils.ensure_str(stderrdata)) | ||||
fp.close() | fp.close() | ||||
fp = open('/var/log/kolab/setup.out.log', 'w') | fp = open('/var/log/kolab/setup.out.log', 'w') | ||||
fp.write(stdoutdata) | fp.write(utils.ensure_str(stdoutdata)) | ||||
fp.close() | fp.close() | ||||
log.debug(_("Setup DS stdout:"), level=8) | log.debug(_("Setup DS stdout:"), level=8) | ||||
Context not available. | |||||
dn = "cn=Account Policy Plugin,cn=plugins,cn=config" | dn = "cn=Account Policy Plugin,cn=plugins,cn=config" | ||||
modlist = [] | modlist = [] | ||||
modlist.append((ldap.MOD_REPLACE, "nsslapd-pluginEnabled", b"on")) | modlist.append((ldap.MOD_REPLACE, "nsslapd-pluginEnabled", b"on")) | ||||
if not dscreate_found: | if not dscreate: | ||||
modlist.append((ldap.MOD_ADD, "nsslapd-pluginarg0", b"cn=config,cn=Account Policy Plugin,cn=plugins,cn=config")) | modlist.append((ldap.MOD_ADD, "nsslapd-pluginarg0", b"cn=config,cn=Account Policy Plugin,cn=plugins,cn=config")) | ||||
auth._auth.ldap.modify_s(dn, modlist) | auth._auth.ldap.modify_s(dn, modlist) | ||||
Context not available. |
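Review bot: `dscreate` is assigned only in the `elif dscreate_found and setup_ds_admin is None and sys.version_info.major >= 3:` branch, so when one of the `setup-ds*` scripts is found, the later `if dscreate:` and `if not dscreate:` tests would raise NameError unless the name is initialised in context this page omits. Adding `dscreate = False` next to `setup_ds_admin = None` would make the default explicit. The answer file written by the unchanged `os.write(fp, bytes(data.encode("UTF-8")))` lines carries the Directory Manager password on both paths (`root_password` for dscreate), and no visible line removes it after the tool has run. If cleanup is not handled in the omitted context, an `os.unlink(filename)` in a `finally` around the subprocess call would keep the password from lingering in /tmp. The trailing `#old Netscape server schema` on the `sample_entries` line may be read as part of the value if dscreate parses the file with Python's default configparser settings, so that comment is safer on a line of its own.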