rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c10s
ipa/0002-freeipa-disable-nis.patch
Florence Blanc-Renaud 0378d5e4e5 ipa-4.12.2.1 
- Resolves: RHEL-54545 Covscan issues: Resource Leak
- Resolves: RHEL-54304 support for python cryptography 43.0.0
- Resolves: RHEL-49805 misleading warning for missing ipa-selinux-nfast package on luna hsm h/w
- Resolves: RHEL-46897 With unreachable AD, ipa trust returns an internal error

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2024-08-21 21:17:57 +02:00

901 lines
41 KiB
Diff
Raw Permalink Blame History

From da1ec155fb5d5afc29b70ff4d68f0d774aa7f245 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 29 Apr 2024 10:10:08 +0300
Subject: [PATCH] Remove NIS server support
RHEL 8.3+ already deprecated support for NIS protocol.
RHEL 9 does not ship NIS client side
RHEL 10 removes NIS server emulator support
Remove NIS server integration from the migration and
management tools.
Fixes: https://pagure.io/freeipa/issue/9363
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
freeipa.spec.in | 2 -
install/share/Makefile.am | 2 -
install/share/nis-update.uldif | 38 ----
install/share/nis.uldif | 96 ----------
install/tools/Makefile.am | 2 -
install/tools/ipa-compat-manage.in | 17 +-
install/tools/ipa-nis-manage.in | 205 ---------------------
install/tools/man/Makefile.am | 1 -
install/tools/man/ipa-nis-manage.1 | 51 -----
install/updates/10-enable-betxn.update | 3 -
install/updates/50-nis.update | 3 -
install/updates/Makefile.am | 1 -
ipaplatform/base/paths.py | 2 -
ipaserver/install/ipa_migrate.py | 27 +--
ipaserver/install/ipa_migrate_constants.py | 24 ---
ipaserver/install/plugins/update_nis.py | 92 ---------
ipatests/test_cmdline/test_cli.py | 1 -
ipatests/test_integration/test_commands.py | 87 ---------
18 files changed, 16 insertions(+), 638 deletions(-)
delete mode 100644 install/share/nis-update.uldif
delete mode 100644 install/share/nis.uldif
delete mode 100644 install/tools/ipa-nis-manage.in
delete mode 100644 install/tools/man/ipa-nis-manage.1
delete mode 100644 install/updates/50-nis.update
delete mode 100644 ipaserver/install/plugins/update_nis.py
diff --git a/freeipa.spec.in b/freeipa.spec.in
index e370290bc..b5e33a6ac 100755
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1508,7 +1508,6 @@ fi
%{_sbindir}/ipa-ldap-updater
%{_sbindir}/ipa-otptoken-import
%{_sbindir}/ipa-compat-manage
-%{_sbindir}/ipa-nis-manage
%{_sbindir}/ipa-managed-entries
%{_sbindir}/ipactl
%{_sbindir}/ipa-advise
@@ -1583,7 +1582,6 @@ fi
%{_mandir}/man1/ipa-ca-install.1*
%{_mandir}/man1/ipa-kra-install.1*
%{_mandir}/man1/ipa-compat-manage.1*
-%{_mandir}/man1/ipa-nis-manage.1*
%{_mandir}/man1/ipa-managed-entries.1*
%{_mandir}/man1/ipa-ldap-updater.1*
%{_mandir}/man8/ipactl.8*
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 4029297b7..24664ca3b 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -67,8 +67,6 @@ dist_app_DATA = \
master-entry.ldif \
memberof-task.ldif \
memberof-conf.ldif \
- nis.uldif \
- nis-update.uldif \
opendnssec_conf.template \
opendnssec_kasp.template \
unique-attributes.ldif \
diff --git a/install/share/nis-update.uldif b/install/share/nis-update.uldif
deleted file mode 100644
index e602c1de0..000000000
--- a/install/share/nis-update.uldif
+++ /dev/null
@@ -1,38 +0,0 @@
-# Updates for NIS
-
-# Correct syntax error that caused users to not appear
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
-
-# Correct syntax error that caused nested netgroups to not work
-# https://bugzilla.redhat.com/show_bug.cgi?id=788625
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
-
-# Make the padding an expression so usercat and hostcat always gets
-# evaluated when displaying entries.
-# https://bugzilla.redhat.com/show_bug.cgi?id=767372
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byaddr
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byname
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
deleted file mode 100644
index 1735fb552..000000000
--- a/install/share/nis.uldif
+++ /dev/null
@@ -1,96 +0,0 @@
-dn: cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: nsSlapdPlugin
-default:objectclass: extensibleObject
-default:cn: NIS Server
-default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
-default:nsslapd-plugininitfunc: nis_plugin_init
-default:nsslapd-plugintype: object
-default:nsslapd-pluginbetxn: on
-default:nsslapd-pluginenabled: on
-default:nsslapd-pluginid: nis-server
-default:nsslapd-pluginversion: 0.10
-default:nsslapd-pluginvendor: redhat.com
-default:nsslapd-plugindescription: NIS Server Plugin
-default:nis-tcp-wrappers-name: nis-server
-
-dn: nis-domain=$DOMAIN+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: passwd.byname
-default:nis-base: cn=users, cn=accounts, $SUFFIX
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: passwd.byuid
-default:nis-base: cn=users, cn=accounts, $SUFFIX
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: group.byname
-default:nis-base: cn=groups, cn=accounts, $SUFFIX
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: group.bygid
-default:nis-base: cn=groups, cn=accounts, $SUFFIX
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: netid.byname
-default:nis-base: cn=users, cn=accounts, $SUFFIX
-default:nis-secure: no
-
-# Note that the escapes in this entry can be quite confusing. The trick
-# is that each level of nesting requires (2^n) - 1 escapes. So the
-# first level is \", the second is \\\", the third is \\\\\\\", etc.
-# (1, 3, 7, 15, more than that and you'll go insane)
-
-# Note that this configuration mirrors the Schema Compat configuration for
-# triples.
-dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: netgroup
-default:nis-base: cn=ng, cn=alt, $SUFFIX
-default:nis-filter: (objectClass=ipanisNetgroup)
-default:nis-key-format: %{cn}
-default:nis-value-format:%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byaddr
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
-
-dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
-default:objectclass: top
-default:objectclass: extensibleObject
-default:nis-domain: $DOMAIN
-default:nis-map: ethers.byname
-default:nis-base: cn=computers, cn=accounts, $SUFFIX
-default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
-default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
-default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
-default:nis-secure: no
-
diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am
index c454fad97..a5306ffe9 100644
--- a/install/tools/Makefile.am
+++ b/install/tools/Makefile.am
@@ -19,7 +19,6 @@ dist_noinst_DATA = \
ipa-server-upgrade.in \
ipactl.in \
ipa-compat-manage.in \
- ipa-nis-manage.in \
ipa-managed-entries.in \
ipa-ldap-updater.in \
ipa-otptoken-import.in \
@@ -56,7 +55,6 @@ nodist_sbin_SCRIPTS = \
ipa-server-upgrade \
ipactl \
ipa-compat-manage \
- ipa-nis-manage \
ipa-managed-entries \
ipa-ldap-updater \
ipa-otptoken-import \
diff --git a/install/tools/ipa-compat-manage.in b/install/tools/ipa-compat-manage.in
index 459f39fc8..70dd7c451 100644
--- a/install/tools/ipa-compat-manage.in
+++ b/install/tools/ipa-compat-manage.in
@@ -26,6 +26,7 @@ from ipaplatform.paths import paths
try:
from optparse import OptionParser # pylint: disable=deprecated-module
from ipapython import ipautil, config
+ from ipapython.ipaldap import realm_to_serverid
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate
from ipalib import api, errors
@@ -150,9 +151,19 @@ def main():
try:
entry = get_entry(nis_config_dn)
# We can't disable schema compat if the NIS plugin is enabled
- if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
- print("The NIS plugin is configured, cannot disable compatibility.", file=sys.stderr)
- print("Run 'ipa-nis-manage disable' first.", file=sys.stderr)
+ if (
+ entry is not None
+ and entry.get("nsslapd-pluginenabled", [""])[0].lower() == "on"
+ ):
+ instance = realm_to_serverid(api.env.realm)
+ print(
+ "The NIS plugin is configured, cannot "
+ "disable compatibility.", file=sys.stderr,
+ )
+ print(
+ f"Run \"dsconf {instance} plugin set --enabled off "
+ "'NIS Server'\" first.", file=sys.stderr,
+ )
retval = 2
except errors.ExecutionError as lde:
print("An error occurred while talking to the server.")
diff --git a/install/tools/ipa-nis-manage.in b/install/tools/ipa-nis-manage.in
deleted file mode 100644
index 6b156ce6a..000000000
--- a/install/tools/ipa-nis-manage.in
+++ /dev/null
@@ -1,205 +0,0 @@
-#!/usr/bin/python3
-# Authors: Rob Crittenden <rcritten@redhat.com>
-# Authors: Simo Sorce <ssorce@redhat.com>
-#
-# Copyright (C) 2009 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-from __future__ import print_function
-
-import sys
-import os
-from ipaplatform.paths import paths
-try:
- from optparse import OptionParser # pylint: disable=deprecated-module
- from ipapython import ipautil, config
- from ipaserver.install import installutils
- from ipaserver.install.ldapupdate import LDAPUpdate
- from ipalib import api, errors
- from ipapython.ipa_log_manager import standard_logging_setup
- from ipapython.dn import DN
- from ipaplatform import services
-except ImportError as e:
- print("""\
-There was a problem importing one of the required Python modules. The
-error was:
-
- %s
-""" % e, file=sys.stderr)
- sys.exit(1)
-
-nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
-compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
-
-def parse_options():
- usage = "%prog [options] <enable|disable|status>\n"
- usage += "%prog [options]\n"
- parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
-
- parser.add_option("-d", "--debug", action="store_true", dest="debug",
- help="Display debugging information about the update(s)")
- parser.add_option("-y", dest="password",
- help="File containing the Directory Manager password")
-
- config.add_standard_options(parser)
- options, args = parser.parse_args()
-
- return options, args
-
-def get_dirman_password():
- """Prompt the user for the Directory Manager password and verify its
- correctness.
- """
- password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False)
-
- return password
-
-def get_entry(dn):
- """
- Return the entry for the given DN. If the entry is not found return
- None.
- """
- entry = None
- try:
- entry = api.Backend.ldap2.get_entry(dn)
- except errors.NotFound:
- pass
- return entry
-
-def main():
- retval = 0
- files = [paths.NIS_ULDIF]
- servicemsg = ""
-
- if os.getegid() != 0:
- sys.exit('Must be root to use this tool.')
-
- installutils.check_server_configuration()
-
- options, args = parse_options()
-
- if len(args) != 1:
- sys.exit("You must specify one action: enable | disable | status")
- elif args[0] not in {"enable", "disable", "status"}:
- sys.exit("Unrecognized action [" + args[0] + "]")
-
- standard_logging_setup(None, debug=options.debug)
- dirman_password = ""
- if options.password:
- try:
- pw = ipautil.template_file(options.password, [])
- except IOError:
- sys.exit("File \"%s\" not found or not readable" % options.password)
- dirman_password = pw.strip()
- else:
- dirman_password = get_dirman_password()
- if dirman_password is None:
- sys.exit("Directory Manager password required")
-
- if not dirman_password:
- sys.exit("No password supplied")
-
- api.bootstrap(
- context='cli', confdir=paths.ETC_IPA,
- debug=options.debug, in_server=True)
- api.finalize()
- api.Backend.ldap2.connect(bind_pw=dirman_password)
-
- if args[0] == "enable":
- compat = get_entry(compat_dn)
- if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
- sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
- entry = None
- try:
- entry = get_entry(nis_config_dn)
- except errors.ExecutionError as lde:
- print("An error occurred while talking to the server.")
- print(lde)
- retval = 1
-
- # Enable either the portmap or rpcbind service
- portmap = services.knownservices.portmap
- rpcbind = services.knownservices.rpcbind
-
- if portmap.is_installed():
- portmap.enable()
- servicemsg = portmap.service_name
- elif rpcbind.is_installed():
- rpcbind.enable()
- servicemsg = rpcbind.service_name
- else:
- print("Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name))
- retval = 3
-
- # The cn=config entry for the plugin may already exist but it
- # could be turned off, handle both cases.
- if entry is None:
- print("Enabling plugin")
- ld = LDAPUpdate()
- if ld.update(files) != True:
- retval = 1
- elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
- print("Enabling plugin")
- # Already configured, just enable the plugin
- entry['nsslapd-pluginenabled'] = ['on']
- api.Backend.ldap2.update_entry(entry)
- else:
- print("Plugin already Enabled")
- retval = 2
-
- elif args[0] == "disable":
- try:
- entry = api.Backend.ldap2.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
- entry['nsslapd-pluginenabled'] = ['off']
- api.Backend.ldap2.update_entry(entry)
- except (errors.NotFound, errors.EmptyModlist):
- print("Plugin is already disabled")
- retval = 2
- except errors.LDAPError as lde:
- print("An error occurred while talking to the server.")
- print(lde)
- retval = 1
-
- elif args[0] == "status":
- nis_entry = get_entry(nis_config_dn)
- enabled = (nis_entry and
- nis_entry.get(
- 'nsslapd-pluginenabled', '')[0].lower() == "on")
- if enabled:
- print("Plugin is enabled")
- retval = 0
- else:
- print("Plugin is not enabled")
- retval = 4
-
- else:
- retval = 1
-
- if retval == 0:
- if args[0] in {"enable", "disable"}:
- print("This setting will not take effect until you restart "
- "Directory Server.")
-
- if args[0] == "enable":
- print("The %s service may need to be started." % servicemsg)
-
- api.Backend.ldap2.disconnect()
-
- return retval
-
-if __name__ == '__main__':
- installutils.run_script(main, operation_name='ipa-nis-manage')
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index 34f359863..282407602 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -18,7 +18,6 @@ dist_man1_MANS = \
ipa-kra-install.1 \
ipa-ldap-updater.1 \
ipa-compat-manage.1 \
- ipa-nis-manage.1 \
ipa-managed-entries.1 \
ipa-backup.1 \
ipa-restore.1 \
diff --git a/install/tools/man/ipa-nis-manage.1 b/install/tools/man/ipa-nis-manage.1
deleted file mode 100644
index 1107b7790..000000000
--- a/install/tools/man/ipa-nis-manage.1
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" A man page for ipa-nis-manage
-.\" Copyright (C) 2009 Red Hat, Inc.
-.\"
-.\" This program is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation, either version 3 of the License, or
-.\" (at your option) any later version.
-.\"
-.\" This program is distributed in the hope that it will be useful, but
-.\" WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-.\" General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public License
-.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
-.\"
-.\" Author: Rob Crittenden <rcritten@redhat.com>
-.\"
-.TH "ipa-nis-manage" "1" "April 25 2016" "IPA" "IPA Manual Pages"
-.SH "NAME"
-ipa\-nis\-manage \- Enables or disables the NIS listener plugin
-.SH "SYNOPSIS"
-ipa\-nis\-manage [options] <enable|disable|status>
-.SH "DESCRIPTION"
-Run the command with the \fBenable\fR option to enable the NIS plugin.
-
-Run the command with the \fBdisable\fR option to disable the NIS plugin.
-
-Run the command with the \fBstatus\fR option to read status of the NIS plugin. Return code 0 indicates enabled plugin, return code 4 indicates disabled plugin.
-
-In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used.
-
-Directory Server will need to be restarted after the NIS listener plugin has been enabled.
-
-.SH "OPTIONS"
-.TP
-\fB\-d\fR, \fB\-\-debug\fR
-Enable debug logging when more verbose output is needed
-.TP
-\fB\-y\fR \fIfile\fR
-File containing the Directory Manager password
-.SH "EXIT STATUS"
-0 if the command was successful
-
-1 if an error occurred
-
-2 if the plugin is already in the required status (enabled or disabled)
-
-3 if RPC services cannot be enabled.
-
-4 if status command detected plugin in disabled state.
diff --git a/install/updates/10-enable-betxn.update b/install/updates/10-enable-betxn.update
index 1f89341c7..9525292cb 100644
--- a/install/updates/10-enable-betxn.update
+++ b/install/updates/10-enable-betxn.update
@@ -44,6 +44,3 @@ only: nsslapd-pluginbetxn: on
dn: cn=Schema Compatibility, cn=plugins, cn=config
onlyifexist: nsslapd-pluginbetxn: on
-
-dn: cn=NIS Server, cn=plugins, cn=config
-onlyifexist: nsslapd-pluginbetxn: on
diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update
deleted file mode 100644
index 05a166f00..000000000
--- a/install/updates/50-nis.update
+++ /dev/null
@@ -1,3 +0,0 @@
-# Updates are applied only if NIS plugin has been configured
-# update definitions are located in install/share/nis-update.uldif
-plugin: update_nis_configuration
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index fd96831d8..cce2670a6 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -52,7 +52,6 @@ app_DATA = \
50-groupuuid.update \
50-hbacservice.update \
50-krbenctypes.update \
- 50-nis.update \
50-ipaconfig.update \
55-pbacmemberof.update \
59-trusts-sysacount.update \
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index b339d2202..aed293845 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -295,8 +295,6 @@ class BasePathNamespace:
KRB_CON = "/usr/share/ipa/html/krb.con"
HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini"
HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con"
- NIS_ULDIF = "/usr/share/ipa/nis.uldif"
- NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins"
diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
index e21937401..a889143ec 100644
--- a/ipaserver/install/ipa_migrate.py
+++ b/ipaserver/install/ipa_migrate.py
@@ -31,7 +31,7 @@ from ipapython.ipa_log_manager import standard_logging_setup
from ipaserver.install.ipa_migrate_constants import (
DS_CONFIG, DB_OBJECTS, DS_INDEXES, BIND_DN, LOG_FILE_NAME,
STRIP_OP_ATTRS, STRIP_ATTRS, STRIP_OC, PROD_ATTRS,
- DNA_REGEN_VAL, DNA_REGEN_ATTRS, NIS_PLUGIN, IGNORE_ATTRS,
+ DNA_REGEN_VAL, DNA_REGEN_ATTRS, IGNORE_ATTRS,
DB_EXCLUDE_TREES
)
@@ -718,8 +718,7 @@ class IPAMigrate():
self.log_info(title)
self.log_info('-' * (len(title) - 1))
logged_something = self.log_stats(DS_CONFIG)
- if self.args.verbose or NIS_PLUGIN['count'] > 0:
- self.log_info(f" - NIS Server Plugin: {NIS_PLUGIN['count']}")
+ if self.args.verbose:
logged_something = True
if not self.log_stats(DS_INDEXES) and not logged_something:
self.log_info(" - No updates")
@@ -1847,28 +1846,6 @@ class IPAMigrate():
add_missing=True)
stats['config_processed'] += 1
- # Slapi NIS Plugin
- if DN(NIS_PLUGIN['dn']) == DN(entry['dn']):
- # Parent plugin entry
- self.process_config_entry(
- entry['dn'], entry['attrs'], NIS_PLUGIN,
- add_missing=True)
- stats['config_processed'] += 1
- elif DN(NIS_PLUGIN['dn']) in DN(entry['dn']):
- # Child NIS plugin entry
- nis_dn = entry['dn']
- lc_remote_realm = self.remote_realm.lower()
- lc_realm = self.realm.lower()
- nis_dn = nis_dn.replace(lc_remote_realm, lc_realm)
- if 'nis-domain' in entry['attrs']:
- value = entry['attrs']['nis-domain'][0]
- value = value.replace(lc_remote_realm, lc_realm)
- entry['attrs']['nis-domain'][0] = value
- # Process the entry
- self.process_config_entry(nis_dn, entry['attrs'], NIS_PLUGIN,
- add_missing=True)
- stats['config_processed'] += 1
-
#
# Migration
#
diff --git a/ipaserver/install/ipa_migrate_constants.py b/ipaserver/install/ipa_migrate_constants.py
index 0e26c7549..e0e504741 100644
--- a/ipaserver/install/ipa_migrate_constants.py
+++ b/ipaserver/install/ipa_migrate_constants.py
@@ -502,30 +502,6 @@ DS_CONFIG = {
},
}
-#
-# Slpai NIS is an optional plugin. It requires special handling
-#
-NIS_PLUGIN = {
- 'dn': 'cn=NIS Server,cn=plugins,cn=config',
- 'attrs': [
- 'nis-domain',
- 'nis-base',
- 'nis-map',
- 'nis-filter',
- 'nis-key-format:',
- 'nis-values-format:',
- 'nis-secure',
- 'nis-disallowed-chars',
- # Parent plugin entry
- 'nsslapd-pluginarg0',
- 'nsslapd-pluginenabled'
- ],
- 'multivalued': [],
- 'label': 'NIS Server Plugin',
- 'mode': 'all',
- 'count': 0,
-}
-
#
# This mapping is simliar to above but it handles container entries
# This could be built into the above mapping using the "comma" approach
diff --git a/ipaserver/install/plugins/update_nis.py b/ipaserver/install/plugins/update_nis.py
deleted file mode 100644
index c02eb5f83..000000000
--- a/ipaserver/install/plugins/update_nis.py
+++ /dev/null
@@ -1,92 +0,0 @@
-#
-# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
-#
-
-from __future__ import absolute_import
-
-import logging
-
-from ipalib.plugable import Registry
-from ipalib import errors
-from ipalib import Updater
-from ipaplatform.paths import paths
-from ipapython.dn import DN
-from ipaserver.install import sysupgrade
-from ipaserver.install.ldapupdate import LDAPUpdate
-
-logger = logging.getLogger(__name__)
-
-register = Registry()
-
-
-@register()
-class update_nis_configuration(Updater):
- """Update NIS configuration
-
- NIS configuration can be updated only if NIS Server was configured via
- ipa-nis-manage command.
- """
-
- def __recover_from_missing_maps(self, ldap):
- # https://fedorahosted.org/freeipa/ticket/5507
- # if all following DNs are missing, but 'NIS Server' container exists
- # we are experiencig bug and maps should be fixed
-
- if sysupgrade.get_upgrade_state('nis',
- 'done_recover_from_missing_maps'):
- # this recover must be done only once, a user may deleted some
- # maps, we do not want to restore them again
- return
-
- logger.debug("Recovering from missing NIS maps bug")
-
- suffix = "cn=NIS Server,cn=plugins,cn=config"
- domain = self.api.env.domain
- missing_dn_list = [
- DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
- "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
- "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
- "nis-domain={domain}+nis-map=group.byname,{suffix}",
- "nis-domain={domain}+nis-map=group.bygid,{suffix}",
- "nis-domain={domain}+nis-map=netid.byname,{suffix}",
- "nis-domain={domain}+nis-map=netgroup,{suffix}",
- ]
- ]
-
- for dn in missing_dn_list:
- try:
- ldap.get_entry(dn, attrs_list=['cn'])
- except errors.NotFound:
- pass
- else:
- # bug is not effective, at least one of 'possible missing'
- # maps was detected
- return
-
- sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
- True)
-
- # bug is effective run update to recreate missing maps
- ld = LDAPUpdate(api=self.api)
- ld.update([paths.NIS_ULDIF])
-
- def execute(self, **options):
- ldap = self.api.Backend.ldap2
- dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
- try:
- ldap.get_entry(dn, attrs_list=['cn'])
- except errors.NotFound:
- # NIS is not configured on system, do not execute update
- logger.debug("Skipping NIS update, NIS Server is not configured")
-
- # container does not exist, bug #5507 is not effective
- sysupgrade.set_upgrade_state(
- 'nis', 'done_recover_from_missing_maps', True)
- else:
- self.__recover_from_missing_maps(ldap)
-
- logger.debug("Executing NIS Server update")
- ld = LDAPUpdate(api=self.api)
- ld.update([paths.NIS_UPDATE_ULDIF])
-
- return False, ()
diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py
index ae0d059ce..718798d68 100644
--- a/ipatests/test_cmdline/test_cli.py
+++ b/ipatests/test_cmdline/test_cli.py
@@ -385,7 +385,6 @@ IPA_CLIENT_NOT_CONFIGURED = b'IPA client is not configured on this system'
'/usr/share/ipa/updates/05-pre_upgrade_plugins.update'],
2, None, IPA_NOT_CONFIGURED),
(['ipa-managed-entries'], 2, None, IPA_NOT_CONFIGURED),
- (['ipa-nis-manage'], 2, None, IPA_NOT_CONFIGURED),
(['ipa-pkinit-manage'], 2, None, IPA_NOT_CONFIGURED),
(['ipa-replica-manage', 'list'], 1, IPA_NOT_CONFIGURED, None),
(['ipa-server-certinstall'], 2, None, IPA_NOT_CONFIGURED),
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index fd34defe5..e00b0f3bb 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -1269,93 +1269,6 @@ class TestIPACommand(IntegrationTest):
serverid = realm_to_serverid(self.master.domain.realm)
return ("dirsrv@%s.service" % serverid)
- def test_ipa_nis_manage_enable(self):
- """
- This testcase checks if ipa-nis-manage enable
- command enables plugin on an IPA master
- """
- dirsrv_service = self.get_dirsrv_id()
- console_msg = (
- "Enabling plugin\n"
- "This setting will not take effect until "
- "you restart Directory Server.\n"
- "The rpcbind service may need to be started"
- )
- status_msg = "Plugin is enabled"
- tasks.kinit_admin(self.master)
- result = self.master.run_command(
- ["ipa-nis-manage", "enable"],
- stdin_text=self.master.config.admin_password,
- )
- assert console_msg in result.stdout_text
- # verify using backend
- conn = self.master.ldap_connect()
- dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
- entry = conn.get_entry(dn)
- nispluginstring = entry.get('nsslapd-pluginEnabled')
- assert 'on' in nispluginstring
- # restart for changes to take effect
- self.master.run_command(["systemctl", "restart", dirsrv_service])
- self.master.run_command(["systemctl", "restart", "rpcbind"])
- time.sleep(DIRSRV_SLEEP)
- # check status msg on the console
- result = self.master.run_command(
- ["ipa-nis-manage", "status"],
- stdin_text=self.master.config.admin_password,
- )
- assert status_msg in result.stdout_text
-
- def test_ipa_nis_manage_disable(self):
- """
- This testcase checks if ipa-nis-manage disable
- command disable plugin on an IPA Master
- """
- dirsrv_service = self.get_dirsrv_id()
- msg = (
- "This setting will not take effect "
- "until you restart Directory Server."
- )
- status_msg = "Plugin is not enabled"
- tasks.kinit_admin(self.master)
- result = self.master.run_command(
- ["ipa-nis-manage", "disable"],
- stdin_text=self.master.config.admin_password,
- )
- assert msg in result.stdout_text
- # verify using backend
- conn = self.master.ldap_connect()
- dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
- entry = conn.get_entry(dn)
- nispluginstring = entry.get('nsslapd-pluginEnabled')
- assert 'off' in nispluginstring
- # restart dirsrv for changes to take effect
- self.master.run_command(["systemctl", "restart", dirsrv_service])
- time.sleep(DIRSRV_SLEEP)
- # check status msg on the console
- result = self.master.run_command(
- ["ipa-nis-manage", "status"],
- stdin_text=self.master.config.admin_password,
- raiseonerr=False,
- )
- assert result.returncode == 4
- assert status_msg in result.stdout_text
-
- def test_ipa_nis_manage_enable_incorrect_password(self):
- """
- This testcase checks if ipa-nis-manage enable
- command throws error on console for invalid DS admin password
- """
- msg1 = "Insufficient access: "
- msg2 = "Invalid credentials"
- result = self.master.run_command(
- ["ipa-nis-manage", "enable"],
- stdin_text='Invalid_pwd',
- raiseonerr=False,
- )
- assert result.returncode == 1
- assert msg1 in result.stderr_text
- assert msg2 in result.stderr_text
-
def test_pkispawn_log_is_present(self):
"""
This testcase checks if pkispawn logged properly.
--
2.45.2
Reference in New Issue View Git Blame Copy Permalink