|
 |
e788bc |
diff -up ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.idstart_heck ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py
|
|
|
e788bc |
--- ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.idstart_heck 2022-10-07 17:06:41.915918624 +0200
|
|
|
e788bc |
+++ ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py 2022-10-07 17:09:55.228613556 +0200
|
|
|
e788bc |
@@ -226,7 +226,8 @@ from ansible.module_utils.ansible_ipa_se
|
|
|
e788bc |
read_cache, ca, tasks, check_ldap_conf, timeconf, httpinstance,
|
|
|
e788bc |
check_dirsrv, ScriptError, get_fqdn, verify_fqdn, BadHostError,
|
|
|
e788bc |
validate_domain_name, load_pkcs12, IPA_PYTHON_VERSION,
|
|
|
e788bc |
- encode_certificate, check_available_memory, adtrustinstance
|
|
|
e788bc |
+ encode_certificate, check_available_memory, adtrustinstance,
|
|
|
e788bc |
+ get_min_idstart
|
|
|
e788bc |
)
|
|
|
e788bc |
from ansible.module_utils import six
|
|
|
e788bc |
|
|
|
e788bc |
@@ -580,6 +581,16 @@ def main():
|
|
|
e788bc |
"'--ignore-topology-disconnect/--ignore-last-of-role' "
|
|
|
e788bc |
"options can be used only during uninstallation")
|
|
|
e788bc |
|
|
|
e788bc |
+ if get_min_idstart is not None:
|
|
|
e788bc |
+ min_idstart = get_min_idstart()
|
|
|
e788bc |
+ if self.idstart < min_idstart:
|
|
|
e788bc |
+ raise RuntimeError(
|
|
|
e788bc |
+ "idstart (%i) must be larger than UID_MAX/GID_MAX "
|
|
|
e788bc |
+ "(%i) setting in /etc/login.defs." % (
|
|
|
e788bc |
+ self.idstart, min_idstart
|
|
|
e788bc |
+ )
|
|
|
e788bc |
+ )
|
|
|
e788bc |
+
|
|
|
e788bc |
if self.idmax < self.idstart:
|
|
|
e788bc |
raise RuntimeError(
|
|
|
e788bc |
"idmax (%s) cannot be smaller than idstart (%s)" %
|
|
|
e788bc |
diff -up ansible-freeipa-1.6.3/roles/ipaserver/module_utils/ansible_ipa_server.py.idstart_heck ansible-freeipa-1.6.3/roles/ipaserver/module_utils/ansible_ipa_server.py
|
|
|
e788bc |
--- ansible-freeipa-1.6.3/roles/ipaserver/module_utils/ansible_ipa_server.py.idstart_heck 2022-01-27 14:05:04.000000000 +0100
|
|
|
e788bc |
+++ ansible-freeipa-1.6.3/roles/ipaserver/module_utils/ansible_ipa_server.py 2022-10-07 17:07:35.907833419 +0200
|
|
|
e788bc |
@@ -41,7 +41,7 @@ __all__ = ["IPAChangeConf", "certmonger"
|
|
|
e788bc |
"adtrustinstance", "IPAAPI_USER", "sync_time", "PKIIniLoader",
|
|
|
e788bc |
"default_subject_base", "default_ca_subject_dn",
|
|
|
e788bc |
"check_ldap_conf", "encode_certificate", "decode_certificate",
|
|
|
e788bc |
- "check_available_memory"]
|
|
|
e788bc |
+ "check_available_memory", "get_min_idstart"]
|
|
|
e788bc |
|
|
|
e788bc |
import sys
|
|
|
e788bc |
|
|
|
e788bc |
@@ -178,6 +178,11 @@ else:
|
|
|
e788bc |
from ipalib.x509 import load_certificate
|
|
|
e788bc |
load_pem_x509_certificate = None
|
|
|
e788bc |
|
|
|
e788bc |
+ try:
|
|
|
e788bc |
+ from ipaserver.install.server.install import get_min_idstart
|
|
|
e788bc |
+ except ImportError:
|
|
|
e788bc |
+ get_min_idstart = None
|
|
|
e788bc |
+
|
|
|
e788bc |
else:
|
|
|
e788bc |
# IPA version < 4.5
|
|
|
e788bc |
|