|
 |
e3ffab |
From aa5a5fa8349444c2817feb21dd8c6f8ba6b38fd0 Mon Sep 17 00:00:00 2001
|
|
|
e3ffab |
From: Petr Vobornik <pvoborni@redhat.com>
|
|
|
e3ffab |
Date: Mon, 13 Oct 2014 14:59:24 +0200
|
|
|
e3ffab |
Subject: [PATCH] ldapupdater: set baserid to 0 for ipa-ad-trust-posix ranges
|
|
|
e3ffab |
|
|
|
e3ffab |
New updater plugin which sets baserid to 0 for ranges with type ipa-ad-trust-posix
|
|
|
e3ffab |
|
|
|
e3ffab |
https://fedorahosted.org/freeipa/ticket/4221
|
|
|
e3ffab |
|
|
|
e3ffab |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
e3ffab |
---
|
|
|
e3ffab |
ipaserver/install/plugins/update_idranges.py | 69 +++++++++++++++++++++++++++-
|
|
|
e3ffab |
1 file changed, 68 insertions(+), 1 deletion(-)
|
|
|
e3ffab |
|
|
|
e3ffab |
diff --git a/ipaserver/install/plugins/update_idranges.py b/ipaserver/install/plugins/update_idranges.py
|
|
|
e3ffab |
index 9e97c9f74570484a8bae82e99a7561350163a1b1..1aa5fa7631fd35a7aaf4a23a5eee44e4e0a2e904 100644
|
|
|
e3ffab |
--- a/ipaserver/install/plugins/update_idranges.py
|
|
|
e3ffab |
+++ b/ipaserver/install/plugins/update_idranges.py
|
|
|
e3ffab |
@@ -17,7 +17,7 @@
|
|
|
e3ffab |
# You should have received a copy of the GNU General Public License
|
|
|
e3ffab |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
e3ffab |
|
|
|
e3ffab |
-from ipaserver.install.plugins import MIDDLE
|
|
|
e3ffab |
+from ipaserver.install.plugins import MIDDLE, LAST
|
|
|
e3ffab |
from ipaserver.install.plugins.baseupdate import PostUpdate
|
|
|
e3ffab |
from ipalib import api, errors
|
|
|
e3ffab |
from ipapython.dn import DN
|
|
|
e3ffab |
@@ -111,4 +111,71 @@ class update_idrange_type(PostUpdate):
|
|
|
e3ffab |
|
|
|
e3ffab |
return (False, False, [])
|
|
|
e3ffab |
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+class update_idrange_baserid(PostUpdate):
|
|
|
e3ffab |
+ """
|
|
|
e3ffab |
+ Update ipa-ad-trust-posix ranges' base RID to 0. This applies to AD trust
|
|
|
e3ffab |
+ posix ranges prior to IPA 4.1.
|
|
|
e3ffab |
+ """
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ order = LAST
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ def execute(self, **options):
|
|
|
e3ffab |
+ ldap = self.obj.backend
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ base_dn = DN(api.env.container_ranges, api.env.basedn)
|
|
|
e3ffab |
+ search_filter = ("(&(objectClass=ipaTrustedADDomainRange)"
|
|
|
e3ffab |
+ "(ipaRangeType=ipa-ad-trust-posix)"
|
|
|
e3ffab |
+ "(!(ipaBaseRID=0)))")
|
|
|
e3ffab |
+ root_logger.debug(
|
|
|
e3ffab |
+ "update_idrange_baserid: search for ipa-ad-trust-posix ID ranges "
|
|
|
e3ffab |
+ "with ipaBaseRID != 0"
|
|
|
e3ffab |
+ )
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ try:
|
|
|
e3ffab |
+ (entries, truncated) = ldap.find_entries(
|
|
|
e3ffab |
+ search_filter, ['ipabaserid'], base_dn,
|
|
|
e3ffab |
+ paged_search=True, time_limit=0, size_limit=0)
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ except errors.NotFound:
|
|
|
e3ffab |
+ root_logger.debug("update_idrange_baserid: no AD domain "
|
|
|
e3ffab |
+ "range with posix attributes found")
|
|
|
e3ffab |
+ return (False, False, [])
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ except errors.ExecutionError, e:
|
|
|
e3ffab |
+ root_logger.error("update_idrange_baserid: cannot retrieve "
|
|
|
e3ffab |
+ "list of affected ranges: %s", e)
|
|
|
e3ffab |
+ return (False, False, [])
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ root_logger.debug("update_idrange_baserid: found %d "
|
|
|
e3ffab |
+ "idranges possible to update",
|
|
|
e3ffab |
+ len(entries))
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ error = False
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ # Set the range type
|
|
|
e3ffab |
+ for entry in entries:
|
|
|
e3ffab |
+ entry['ipabaserid'] = 0
|
|
|
e3ffab |
+ try:
|
|
|
e3ffab |
+ root_logger.info("Updating existing idrange: %s" % (entry.dn))
|
|
|
e3ffab |
+ ldap.update_entry(entry)
|
|
|
e3ffab |
+ root_logger.info("Done")
|
|
|
e3ffab |
+ except (errors.EmptyModlist, errors.NotFound):
|
|
|
e3ffab |
+ pass
|
|
|
e3ffab |
+ except errors.ExecutionError, e:
|
|
|
e3ffab |
+ root_logger.debug("update_idrange_type: cannot "
|
|
|
e3ffab |
+ "update idrange: %s", e)
|
|
|
e3ffab |
+ error = True
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ if error:
|
|
|
e3ffab |
+ root_logger.error("update_idrange_baserid: error(s) "
|
|
|
e3ffab |
+ "detected during idrange baserid update")
|
|
|
e3ffab |
+ else:
|
|
|
e3ffab |
+ # All affected entries updated, exit the loop
|
|
|
e3ffab |
+ root_logger.debug("update_idrange_baserid: all affected "
|
|
|
e3ffab |
+ "idranges updated")
|
|
|
e3ffab |
+
|
|
|
e3ffab |
+ return (False, False, [])
|
|
|
e3ffab |
+
|
|
|
e3ffab |
api.register(update_idrange_type)
|
|
|
e3ffab |
+api.register(update_idrange_baserid)
|
|
|
e3ffab |
--
|
|
|
e3ffab |
2.1.0
|
|
|
e3ffab |
|