From e22b4320033803331ce8960d05113666fe9192ec Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 6 Jan 2016 19:47:22 +0100
Subject: [PATCH] Upgrade: Fix upgrade of NIS Server configuration
The former upgrade file always created the NIS Server container, which caused
ipa-nis-manage not to set all required NIS maps. Default creation
of the container has been removed.
Updating of NIS Server configuration and
NIS maps is done only if the NIS Server container exists.
https://fedorahosted.org/freeipa/ticket/5507
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
install/share/Makefile.am | 1 +
install/share/nis-update.uldif | 38 +++++++++++++++
install/updates/50-nis.update | 58 ++--------------------
ipaplatform/base/paths.py | 1 +
ipaserver/install/plugins/update_nis.py | 86 +++++++++++++++++++++++++++++++++
5 files changed, 129 insertions(+), 55 deletions(-)
create mode 100644 install/share/nis-update.uldif
create mode 100644 ipaserver/install/plugins/update_nis.py
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
|
|
|
e0ab38 |
index e4cca8708ab0042d6cb37eba31341e53e3cdac4d..09a341ce177e16e14e7d606e5628e6ca21ddf872 100644
|
|
|
e0ab38 |
--- a/install/share/Makefile.am
|
|
|
e0ab38 |
+++ b/install/share/Makefile.am
|
|
|
e0ab38 |
@@ -60,6 +60,7 @@ app_DATA = \
|
|
|
e0ab38 |
memberof-task.ldif \
|
|
|
e0ab38 |
memberof-conf.ldif \
|
|
|
e0ab38 |
nis.uldif \
|
|
|
e0ab38 |
+ nis-update.uldif \
|
|
|
e0ab38 |
opendnssec_conf.template \
|
|
|
e0ab38 |
opendnssec_kasp.template \
|
|
|
e0ab38 |
unique-attributes.ldif \
|
|
|
e0ab38 |
diff --git a/install/share/nis-update.uldif b/install/share/nis-update.uldif
|
|
|
e0ab38 |
new file mode 100644
|
|
|
e0ab38 |
index 0000000000000000000000000000000000000000..e602c1de061fbcece349b2d86970c4db5051473b
|
|
|
e0ab38 |
--- /dev/null
|
|
|
e0ab38 |
+++ b/install/share/nis-update.uldif
|
|
|
e0ab38 |
@@ -0,0 +1,38 @@
|
|
|
e0ab38 |
+# Updates for NIS
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+# Correct syntax error that caused users to not appear
|
|
|
e0ab38 |
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
+replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+# Correct syntax error that caused nested netgroups to not work
|
|
|
e0ab38 |
+# https://bugzilla.redhat.com/show_bug.cgi?id=788625
|
|
|
e0ab38 |
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
+replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+# Make the padding an expression so usercat and hostcat always gets
|
|
|
e0ab38 |
+# evaluated when displaying entries.
|
|
|
e0ab38 |
+# https://bugzilla.redhat.com/show_bug.cgi?id=767372
|
|
|
e0ab38 |
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
+replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" 
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
+default:objectclass: top
|
|
|
e0ab38 |
+default:objectclass: extensibleObject
|
|
|
e0ab38 |
+default:nis-domain: $DOMAIN
|
|
|
e0ab38 |
+default:nis-map: ethers.byaddr
|
|
|
e0ab38 |
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
|
|
|
e0ab38 |
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
|
|
|
e0ab38 |
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
|
|
|
e0ab38 |
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
|
|
|
e0ab38 |
+default:nis-secure: no
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
+default:objectclass: top
|
|
|
e0ab38 |
+default:objectclass: extensibleObject
|
|
|
e0ab38 |
+default:nis-domain: $DOMAIN
|
|
|
e0ab38 |
+default:nis-map: ethers.byname
|
|
|
e0ab38 |
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
|
|
|
e0ab38 |
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
|
|
|
e0ab38 |
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
|
|
|
e0ab38 |
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
|
|
|
e0ab38 |
+default:nis-secure: no
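Review bot: The header comment `# Updates for NIS` does not say that this file must only be applied when `cn=NIS Server, cn=plugins, cn=config` already exists, which according to the commit message is the reason these definitions were moved out of `install/updates`. A comment such as `# Applied by the update_nis_configuration plugin only when the NIS Server container exists; do not add this file to install/updates` would keep a later change from reintroducing the unconditional update. The two ethers entries use `default:` directives, so they are presumably created when absent, which makes that precondition matter for them in particular.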
|
|
|
e0ab38 |
diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update
|
|
|
e0ab38 |
index 149889ec7bdb38073eb6df88628792526cfe58e6..05a166f003aefc50fc25f10f01f7364d752425bc 100644
|
|
|
e0ab38 |
--- a/install/updates/50-nis.update
|
|
|
e0ab38 |
+++ b/install/updates/50-nis.update
|
|
|
e0ab38 |
@@ -1,55 +1,3 @@
|
|
|
e0ab38 |
-# NIS Server plugin must be disabled by default
|
|
|
e0ab38 |
-# command 'ipa-nis-manage enable' enables NIS server
|
|
|
e0ab38 |
-dn: cn=NIS Server,cn=plugins,cn=config
|
|
|
e0ab38 |
-default:objectclass: top
|
|
|
e0ab38 |
-default:objectclass: nsSlapdPlugin
|
|
|
e0ab38 |
-default:objectclass: extensibleObject
|
|
|
e0ab38 |
-default:cn: NIS Server
|
|
|
e0ab38 |
-default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
|
|
|
e0ab38 |
-default:nsslapd-plugininitfunc: nis_plugin_init
|
|
|
e0ab38 |
-default:nsslapd-plugintype: object
|
|
|
e0ab38 |
-default:nsslapd-pluginbetxn: on
|
|
|
e0ab38 |
-default:nsslapd-pluginenabled: off
|
|
|
e0ab38 |
-default:nsslapd-pluginid: nis-server
|
|
|
e0ab38 |
-default:nsslapd-pluginversion: 0.10
|
|
|
e0ab38 |
-default:nsslapd-pluginvendor: redhat.com
|
|
|
e0ab38 |
-default:nsslapd-plugindescription: NIS Server Plugin
|
|
|
e0ab38 |
-default:nis-tcp-wrappers-name: nis-server
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
-# Correct syntax error that caused users to not appear
|
|
|
e0ab38 |
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
-# Correct syntax error that caused nested netgroups to not work
|
|
|
e0ab38 |
-# https://bugzilla.redhat.com/show_bug.cgi?id=788625
|
|
|
e0ab38 |
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
-# Make the padding an expression so usercat and hostcat always gets
|
|
|
e0ab38 |
-# evaluated when displaying entries.
|
|
|
e0ab38 |
-# https://bugzilla.redhat.com/show_bug.cgi?id=767372
|
|
|
e0ab38 |
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
-replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" 
","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
-dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
-default:objectclass: top
|
|
|
e0ab38 |
-default:objectclass: extensibleObject
|
|
|
e0ab38 |
-default:nis-domain: $DOMAIN
|
|
|
e0ab38 |
-default:nis-map: ethers.byaddr
|
|
|
e0ab38 |
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
|
|
|
e0ab38 |
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
|
|
|
e0ab38 |
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
|
|
|
e0ab38 |
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
|
|
|
e0ab38 |
-default:nis-secure: no
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
-dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
|
|
|
e0ab38 |
-default:objectclass: top
|
|
|
e0ab38 |
-default:objectclass: extensibleObject
|
|
|
e0ab38 |
-default:nis-domain: $DOMAIN
|
|
|
e0ab38 |
-default:nis-map: ethers.byname
|
|
|
e0ab38 |
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
|
|
|
e0ab38 |
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
|
|
|
e0ab38 |
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
|
|
|
e0ab38 |
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
|
|
|
e0ab38 |
-default:nis-secure: no
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
+# Updates are applied only if NIS plugin has been configured
|
|
|
e0ab38 |
+# update definitions are located in install/share/nis-update.uldif
|
|
|
e0ab38 |
+plugin: update_nis_configuration
|
|
|
e0ab38 |
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
|
|
|
e0ab38 |
index 215caf90ea1ca4e5db8f43f8f09002ce5d5cd280..12eb50bb2edd1680313c1e23c7ec83ede9fbd70c 100644
|
|
|
e0ab38 |
--- a/ipaplatform/base/paths.py
|
|
|
e0ab38 |
+++ b/ipaplatform/base/paths.py
|
|
|
e0ab38 |
@@ -247,6 +247,7 @@ class BasePathNamespace(object):
|
|
|
e0ab38 |
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
|
|
|
e0ab38 |
PREFERENCES_HTML = "/usr/share/ipa/html/preferences.html"
|
|
|
e0ab38 |
NIS_ULDIF = "/usr/share/ipa/nis.uldif"
|
|
|
e0ab38 |
+ NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
|
|
|
e0ab38 |
IPA_PLUGINS = "/usr/share/ipa/plugins"
|
|
|
e0ab38 |
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/schema_compat.uldif"
|
|
|
e0ab38 |
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
|
|
|
e0ab38 |
diff --git a/ipaserver/install/plugins/update_nis.py b/ipaserver/install/plugins/update_nis.py
|
|
|
e0ab38 |
new file mode 100644
|
|
|
e0ab38 |
index 0000000000000000000000000000000000000000..6e12fed8c26cd3b12052700f4d4be5734121fc64
|
|
|
e0ab38 |
--- /dev/null
|
|
|
e0ab38 |
+++ b/ipaserver/install/plugins/update_nis.py
|
|
|
e0ab38 |
@@ -0,0 +1,86 @@
|
|
|
e0ab38 |
+#
|
|
|
e0ab38 |
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
|
|
|
e0ab38 |
+#
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+from ipalib.plugable import Registry
|
|
|
e0ab38 |
+from ipalib import errors
|
|
|
e0ab38 |
+from ipalib import Updater
|
|
|
e0ab38 |
+from ipaplatform.paths import paths
|
|
|
e0ab38 |
+from ipapython.dn import DN
|
|
|
e0ab38 |
+from ipaserver.install import sysupgrade
|
|
|
e0ab38 |
+from ipaserver.install.ldapupdate import LDAPUpdate
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+register = Registry()
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+@register()
|
|
|
e0ab38 |
+class update_nis_configuration(Updater):
|
|
|
e0ab38 |
+ """Update NIS configuration
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ NIS configuration can be updated only if NIS Server was configured via
|
|
|
e0ab38 |
+ ipa-nis-manage command.
|
|
|
e0ab38 |
+ """
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ def __recover_from_missing_maps(self, ldap):
|
|
|
e0ab38 |
+ # https://fedorahosted.org/freeipa/ticket/5507
|
|
|
e0ab38 |
+ # if all following DNs are missing, but 'NIS Server' container exists
|
|
|
e0ab38 |
+ # we are experiencig bug and maps should be fixed
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ if sysupgrade.get_upgrade_state('nis',
|
|
|
e0ab38 |
+ 'done_recover_from_missing_maps'):
|
|
|
e0ab38 |
+ # this recover must be done only once, a user may deleted some
|
|
|
e0ab38 |
+ # maps, we do not want to restore them again
|
|
|
e0ab38 |
+ return
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ self.log.debug("Recovering from missing NIS maps bug")
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ suffix = "cn=NIS Server,cn=plugins,cn=config"
|
|
|
e0ab38 |
+ domain = self.api.env.domain
|
|
|
e0ab38 |
+ missing_dn_list = [
|
|
|
e0ab38 |
+ DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=group.byname,{suffix}",
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=group.bygid,{suffix}",
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=netid.byname,{suffix}",
|
|
|
e0ab38 |
+ "nis-domain={domain}+nis-map=netgroup,{suffix}",
|
|
|
e0ab38 |
+ ]
|
|
|
e0ab38 |
+ ]
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ for dn in missing_dn_list:
|
|
|
e0ab38 |
+ try:
|
|
|
e0ab38 |
+ ldap.get_entry(dn, attrs_list=['cn'])
|
|
|
e0ab38 |
+ except errors.NotFound:
|
|
|
e0ab38 |
+ pass
|
|
|
e0ab38 |
+ else:
|
|
|
e0ab38 |
+ # bug is not effective, at least one of 'possible missing'
|
|
|
e0ab38 |
+ # maps was detected
|
|
|
e0ab38 |
+ return
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
|
|
|
e0ab38 |
+ True)
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ # bug is effective run update to recreate missing maps
|
|
|
e0ab38 |
+ ld = LDAPUpdate(sub_dict={}, ldapi=True)
|
|
|
e0ab38 |
+ ld.update([paths.NIS_ULDIF])
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ def execute(self, **options):
|
|
|
e0ab38 |
+ ldap = self.api.Backend.ldap2
|
|
|
e0ab38 |
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
|
|
|
e0ab38 |
+ try:
|
|
|
e0ab38 |
+ ldap.get_entry(dn, attrs_list=['cn'])
|
|
|
e0ab38 |
+ except errors.NotFound:
|
|
|
e0ab38 |
+ # NIS is not configured on system, do not execute update
|
|
|
e0ab38 |
+ self.log.debug("Skipping NIS update, NIS Server is not configured")
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ # container does not exist, bug #5507 is not effective
|
|
|
e0ab38 |
+ sysupgrade.set_upgrade_state(
|
|
|
e0ab38 |
+ 'nis', 'done_recover_from_missing_maps', True)
|
|
|
e0ab38 |
+ else:
|
|
|
e0ab38 |
+ self.__recover_from_missing_maps(ldap)
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ self.log.debug("Executing NIS Server update")
|
|
|
e0ab38 |
+ ld = LDAPUpdate(sub_dict={}, ldapi=True)
|
|
|
e0ab38 |
+ ld.update([paths.NIS_UPDATE_ULDIF])
|
|
|
e0ab38 |
+
|
|
|
e0ab38 |
+ return False, ()
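Review bot: In `__recover_from_missing_maps` the `done_recover_from_missing_maps` state is set to True before `ld.update([paths.NIS_ULDIF])` runs, so if that update raises, the recovery is presumably never retried on a later upgrade; moving the `sysupgrade.set_upgrade_state(...)` call below `ld.update(...)` would record the recovery only once it has actually happened. The `else: return` branch of the lookup loop leaves the flag unset, so the check runs again on every upgrade, and an administrator who later deletes all six maps on purpose (for example to stop publishing passwd and group data over NIS) would get them re-created, contrary to the "must be done only once" comment; setting the flag before that `return` closes the gap. Both methods also lack docstrings; `execute` could state that it always returns `False, ()` and applies `paths.NIS_UPDATE_ULDIF` only when the `cn=NIS Server,cn=plugins,cn=config` entry exists.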
--
2.4.3