Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

# Authors: Rob Crittenden <rcritten@redhat.com> 

# 

# Copyright (C) 2011  Red Hat 

# see file 'COPYING' for use and warranty information 

# 

# This program is free software; you can redistribute it and/or modify 

# it under the terms of the GNU General Public License as published by 

# the Free Software Foundation, either version 3 of the License, or 

# (at your option) any later version. 

# 

# This program is distributed in the hope that it will be useful, 

# but WITHOUT ANY WARRANTY; without even the implied warranty of 

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 

# GNU General Public License for more details. 

# 

# You should have received a copy of the GNU General Public License 

# along with this program.  If not, see <http://www.gnu.org/licenses/>. 

# 

 

import os 

from ipaserver.install.plugins import FIRST, MIDDLE, LAST 

from ipaserver.install.plugins import POST_UPDATE 

from ipaserver.install.plugins.baseupdate import DSRestart 

from ipaserver.install.ldapupdate import LDAPUpdate 

from ipapython.ipautil import wait_for_open_socket 

from ipalib import api 

from ipalib import backend 

from ipapython.dn import DN 

import ldap as _ldap 

 

class updateclient(backend.Executioner): 

    """ 

    Backend used for applying LDAP updates via plugins 

 

    An update plugin can be executed before the file-based plugins or 

    afterward. Each plugin returns three values: 

 

    1. restart: dirsrv needs to be restarted BEFORE this update is 

                 applied. 

    2. apply_now: when True the update is applied when the plugin 

                  returns. Otherwise the update is cached until all 

                  plugins of that update type are complete, then they 

                  are applied together. 

    3. updates: A dictionary of updates to be applied. 

 

    updates is a dictionary keyed on dn. The value of an update is a 

    dictionary with the following possible values: 

      - dn: DN, equal to the dn attribute 

      - updates: list of updates against the dn 

      - default: list of the default entry to be added if it doesn't 

                 exist 

      - deleteentry: list of dn's to be deleted (typically single dn) 

 

    For example, this update file: 

 

      dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX 

      replace:krbPwdLockoutDuration:10::600 

      replace: krbPwdMaxFailure:3::6 

 

    Generates this update dictionary: 

 

    dict('cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com': 

      dict( 

        'dn': 'cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com', 

        'updates': ['replace:krbPwdLockoutDuration:10::600', 

                    'replace:krbPwdMaxFailure:3::6'] 

      ) 

    ) 

 

    Here is another example showing how a default entry is configured: 

 

      dn: cn=Managed Entries,cn=etc,$SUFFIX 

      default: objectClass: nsContainer 

      default: objectClass: top 

      default: cn: Managed Entries 

 

    This generates: 

 

    dict('cn=Managed Entries,cn=etc,dc=example,dc=com', 

      dict( 

        'dn': 'cn=Managed Entries,cn=etc,dc=example,dc=com', 

        'default': ['objectClass:nsContainer', 

                    'objectClass:top', 

                    'cn:Managed Entries' 

                   ] 

       ) 

    ) 

 

    Note that the variable substitution in both examples has been completed. 

 

    A PRE_UPDATE plugin is executed before file-based updates. 

 

    A POST_UPDATE plugin is executed after file-based updates. 

 

    Plugins are executed automatically when ipa-ldap-updater is run 

    in upgrade mode (--upgrade). They are not executed normally otherwise. 

    To execute plugins as well use the --plugins flag. 

 

    Either may make changes directly in LDAP or can return updates in 

    update format. 

    """ 

    def create_context(self, dm_password): 

        if dm_password: 

            autobind = False 

        else: 

            autobind = True 

        self.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password, autobind=autobind) 

 

    def order(self, updatetype): 

        """Return plugins of the given updatetype in sorted order. 

        """ 

        ordered = [plugin for plugin in api.Updater()  # pylint: disable=E1101 

                   if plugin.updatetype == updatetype] 

        ordered.sort(key=lambda p: p.order) 

        return ordered 

 

    def update(self, updatetype, dm_password, ldapi, live_run): 

        """ 

        Execute all update plugins of type updatetype. 

        """ 

        self.create_context(dm_password) 

        kw = dict(live_run=live_run) 

        result = [] 

        ld = LDAPUpdate(dm_password=dm_password, sub_dict={}, live_run=live_run, ldapi=ldapi) 

        for update in self.order(updatetype): 

            (restart, apply_now, res) = self.run(update.name, **kw) 

            if restart: 

                self.restart(dm_password, live_run) 

 

            if apply_now: 

                updates = {} 

                for entry in res: 

                    updates.update(entry) 

                ld.update_from_dict(updates) 

            elif res: 

                result.extend(res) 

 

        self.destroy_context() 

 

        return result 

 

    def run(self, method, **kw): 

        """ 

        Execute the update plugin. 

        """ 

        return self.Updater[method](**kw) #pylint: disable=E1101 

 

    def restart(self, dm_password, live_run): 

        dsrestart = DSRestart() 

        socket_name = '/var/run/slapd-%s.socket' % \ 

            api.env.realm.replace('.','-') 

        if live_run: 

            self.destroy_context() 

            dsrestart.create_instance() 

            wait_for_open_socket(socket_name) 

            self.create_context(dm_password) 

        else: 

            self.log.warn("Test mode, skipping restart") 

 

api.register(updateclient)