rpms/ipa
6
0
Fork 0
Code Issues Pull Requests Releases Activity
7b095b326d
ipa/0003-Revert-Remove-NIS-server-support.patch
Florence Blanc-Renaud 7b095b326d ipa-4.13.0-1 
- Resolves: RHEL-134542 Add modern WebUI as submodule and enable routing in Apache
- Resolves: RHEL-134540 Switch IPA to use the PKI python API directly rather than RPC calls
- Resolves: RHEL-134196 After upgrade from 9.7 to 9.8 ipactl restart fails to restart winbind service
- Resolves: RHEL-132334 Include latest fixes in python3-ipatests package
- Resolves: RHEL-129224 Fix ipatests for kdcproxy after CVE-2025-59088 fix
- Resolves: RHEL-126974 Minor typo in ipa_idrange_fix.py
- Resolves: RHEL-120954 Rebase ipa to latest 4.13.x version for RHEL 9.8

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
2025-12-15 17:36:43 +01:00

891 lines
42 KiB
Diff
Raw Blame History

From 941d6a54e163ca0d5eee6ac391c0d2f5afb6cf55 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 9 Dec 2025 10:27:12 +0100
Subject: [PATCH] Revert "Remove NIS server support"
This reverts commit e98a80827bcc42dc16b516355077fed844220107.
---
freeipa.spec.in | 2 +
install/share/Makefile.am | 2 +
install/share/nis-update.uldif | 38 ++++
install/share/nis.uldif | 96 ++++++++++
install/tools/Makefile.am | 2 +
install/tools/ipa-compat-manage.in | 17 +-
install/tools/ipa-nis-manage.in | 205 +++++++++++++++++++++
install/tools/man/Makefile.am | 1 +
install/tools/man/ipa-nis-manage.1 | 51 +++++
install/updates/10-enable-betxn.update | 3 +
install/updates/50-nis.update | 3 +
install/updates/Makefile.am | 1 +
ipaplatform/base/paths.py | 2 +
ipaserver/install/ipa_migrate.py | 27 ++-
ipaserver/install/ipa_migrate_constants.py | 24 +++
ipaserver/install/plugins/update_nis.py | 92 +++++++++
ipatests/test_cmdline/test_cli.py | 1 +
ipatests/test_integration/test_commands.py | 87 +++++++++
18 files changed, 638 insertions(+), 16 deletions(-)
create mode 100644 install/share/nis-update.uldif
create mode 100644 install/share/nis.uldif
create mode 100644 install/tools/ipa-nis-manage.in
create mode 100644 install/tools/man/ipa-nis-manage.1
create mode 100644 install/updates/50-nis.update
create mode 100644 ipaserver/install/plugins/update_nis.py
diff --git a/freeipa.spec.in b/freeipa.spec.in
index b93199a5783a89e0ff58affd3d416556f72dd00c..6ee0f43f059dad4bba2288b1b0d3a63437371861 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1619,6 +1619,7 @@ fi
%{_sbindir}/ipa-ldap-updater
%{_sbindir}/ipa-otptoken-import
%{_sbindir}/ipa-compat-manage
+%{_sbindir}/ipa-nis-manage
%{_sbindir}/ipa-managed-entries
%{_sbindir}/ipactl
%{_sbindir}/ipa-advise
@@ -1694,6 +1695,7 @@ fi
%{_mandir}/man1/ipa-ca-install.1*
%{_mandir}/man1/ipa-kra-install.1*
%{_mandir}/man1/ipa-compat-manage.1*
+%{_mandir}/man1/ipa-nis-manage.1*
%{_mandir}/man1/ipa-managed-entries.1*
%{_mandir}/man1/ipa-ldap-updater.1*
%{_mandir}/man8/ipactl.8*
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index bb2eb7531b083e36827ba1ee111e39c29589acaa..87578d29644f897622f46a56c06cb24c7df3efe6 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -66,6 +66,8 @@ dist_app_DATA = \
master-entry.ldif \
memberof-task.ldif \
memberof-conf.ldif \
+ nis.uldif \
+ nis-update.uldif \
opendnssec_conf.template \
opendnssec_kasp.template \
unique-attributes.ldif \
diff --git a/install/share/nis-update.uldif b/install/share/nis-update.uldif
new file mode 100644
index 0000000000000000000000000000000000000000..e602c1de061fbcece349b2d86970c4db5051473b
--- /dev/null
+++ b/install/share/nis-update.uldif
@@ -0,0 +1,38 @@
+# Updates for NIS
+
+# Correct syntax error that caused users to not appear
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
+replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
+
+# Correct syntax error that caused nested netgroups to not work
+# https://bugzilla.redhat.com/show_bug.cgi?id=788625
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
+replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")
+
+# Make the padding an expression so usercat and hostcat always gets
+# evaluated when displaying entries.
+# https://bugzilla.redhat.com/show_bug.cgi?id=767372
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
+replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byaddr
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byname
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
+default:nis-secure: no
diff --git a/install/share/nis.uldif b/install/share/nis.uldif
new file mode 100644
index 0000000000000000000000000000000000000000..1735fb55299d28ab40d864b24062309fca43241f
--- /dev/null
+++ b/install/share/nis.uldif
@@ -0,0 +1,96 @@
+dn: cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: nsSlapdPlugin
+default:objectclass: extensibleObject
+default:cn: NIS Server
+default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so
+default:nsslapd-plugininitfunc: nis_plugin_init
+default:nsslapd-plugintype: object
+default:nsslapd-pluginbetxn: on
+default:nsslapd-pluginenabled: on
+default:nsslapd-pluginid: nis-server
+default:nsslapd-pluginversion: 0.10
+default:nsslapd-pluginvendor: redhat.com
+default:nsslapd-plugindescription: NIS Server Plugin
+default:nis-tcp-wrappers-name: nis-server
+
+dn: nis-domain=$DOMAIN+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: passwd.byname
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: passwd.byuid
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: group.byname
+default:nis-base: cn=groups, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: group.bygid
+default:nis-base: cn=groups, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: netid.byname
+default:nis-base: cn=users, cn=accounts, $SUFFIX
+default:nis-secure: no
+
+# Note that the escapes in this entry can be quite confusing. The trick
+# is that each level of nesting requires (2^n) - 1 escapes. So the
+# first level is \", the second is \\\", the third is \\\\\\\", etc.
+# (1, 3, 7, 15, more than that and you'll go insane)
+
+# Note that this configuration mirrors the Schema Compat configuration for
+# triples.
+dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: netgroup
+default:nis-base: cn=ng, cn=alt, $SUFFIX
+default:nis-filter: (objectClass=ipanisNetgroup)
+default:nis-key-format: %{cn}
+default:nis-value-format:%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})")
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byaddr
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6")
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
+default:nis-secure: no
+
+dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config
+default:objectclass: top
+default:objectclass: extensibleObject
+default:nis-domain: $DOMAIN
+default:nis-map: ethers.byname
+default:nis-base: cn=computers, cn=accounts, $SUFFIX
+default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
+default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7")
+default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7")
+default:nis-secure: no
+
diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am
index 74cd11c67dd3af623dd29802935ae63fe82fcecb..ca484ec37969c9c06ae7b408b55fa30cd4e8e4fe 100644
--- a/install/tools/Makefile.am
+++ b/install/tools/Makefile.am
@@ -19,6 +19,7 @@ dist_noinst_DATA = \
ipa-server-upgrade.in \
ipactl.in \
ipa-compat-manage.in \
+ ipa-nis-manage.in \
ipa-managed-entries.in \
ipa-ldap-updater.in \
ipa-otptoken-import.in \
@@ -56,6 +57,7 @@ nodist_sbin_SCRIPTS = \
ipa-server-upgrade \
ipactl \
ipa-compat-manage \
+ ipa-nis-manage \
ipa-managed-entries \
ipa-ldap-updater \
ipa-otptoken-import \
diff --git a/install/tools/ipa-compat-manage.in b/install/tools/ipa-compat-manage.in
index fb25c22edd5b2fac123144846ffc232cb5bbecc7..9650abd6f83ebc0a8ef347fee83989d4e9f13f09 100644
--- a/install/tools/ipa-compat-manage.in
+++ b/install/tools/ipa-compat-manage.in
@@ -25,7 +25,6 @@ import sys
from ipaplatform.paths import paths
try:
from ipapython import ipautil, config
- from ipapython.ipaldap import realm_to_serverid
from ipaserver.install import installutils
from ipaserver.install.ldapupdate import LDAPUpdate
from ipalib import api, errors
@@ -153,19 +152,9 @@ def main():
try:
entry = get_entry(nis_config_dn)
# We can't disable schema compat if the NIS plugin is enabled
- if (
- entry is not None
- and entry.get("nsslapd-pluginenabled", [""])[0].lower() == "on"
- ):
- instance = realm_to_serverid(api.env.realm)
- print(
- "The NIS plugin is configured, cannot "
- "disable compatibility.", file=sys.stderr,
- )
- print(
- f"Run \"dsconf {instance} plugin set --enabled off "
- "'NIS Server'\" first.", file=sys.stderr,
- )
+ if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on':
+ print("The NIS plugin is configured, cannot disable compatibility.", file=sys.stderr)
+ print("Run 'ipa-nis-manage disable' first.", file=sys.stderr)
retval = 2
except errors.ExecutionError as lde:
print("An error occurred while talking to the server.")
diff --git a/install/tools/ipa-nis-manage.in b/install/tools/ipa-nis-manage.in
new file mode 100644
index 0000000000000000000000000000000000000000..6b156ce6a80d05d9cd2d7cab48e6dba08b0954f5
--- /dev/null
+++ b/install/tools/ipa-nis-manage.in
@@ -0,0 +1,205 @@
+#!/usr/bin/python3
+# Authors: Rob Crittenden <rcritten@redhat.com>
+# Authors: Simo Sorce <ssorce@redhat.com>
+#
+# Copyright (C) 2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import print_function
+
+import sys
+import os
+from ipaplatform.paths import paths
+try:
+ from optparse import OptionParser # pylint: disable=deprecated-module
+ from ipapython import ipautil, config
+ from ipaserver.install import installutils
+ from ipaserver.install.ldapupdate import LDAPUpdate
+ from ipalib import api, errors
+ from ipapython.ipa_log_manager import standard_logging_setup
+ from ipapython.dn import DN
+ from ipaplatform import services
+except ImportError as e:
+ print("""\
+There was a problem importing one of the required Python modules. The
+error was:
+
+ %s
+""" % e, file=sys.stderr)
+ sys.exit(1)
+
+nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config'))
+
+def parse_options():
+ usage = "%prog [options] <enable|disable|status>\n"
+ usage += "%prog [options]\n"
+ parser = OptionParser(usage=usage, formatter=config.IPAFormatter())
+
+ parser.add_option("-d", "--debug", action="store_true", dest="debug",
+ help="Display debugging information about the update(s)")
+ parser.add_option("-y", dest="password",
+ help="File containing the Directory Manager password")
+
+ config.add_standard_options(parser)
+ options, args = parser.parse_args()
+
+ return options, args
+
+def get_dirman_password():
+ """Prompt the user for the Directory Manager password and verify its
+ correctness.
+ """
+ password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False)
+
+ return password
+
+def get_entry(dn):
+ """
+ Return the entry for the given DN. If the entry is not found return
+ None.
+ """
+ entry = None
+ try:
+ entry = api.Backend.ldap2.get_entry(dn)
+ except errors.NotFound:
+ pass
+ return entry
+
+def main():
+ retval = 0
+ files = [paths.NIS_ULDIF]
+ servicemsg = ""
+
+ if os.getegid() != 0:
+ sys.exit('Must be root to use this tool.')
+
+ installutils.check_server_configuration()
+
+ options, args = parse_options()
+
+ if len(args) != 1:
+ sys.exit("You must specify one action: enable | disable | status")
+ elif args[0] not in {"enable", "disable", "status"}:
+ sys.exit("Unrecognized action [" + args[0] + "]")
+
+ standard_logging_setup(None, debug=options.debug)
+ dirman_password = ""
+ if options.password:
+ try:
+ pw = ipautil.template_file(options.password, [])
+ except IOError:
+ sys.exit("File \"%s\" not found or not readable" % options.password)
+ dirman_password = pw.strip()
+ else:
+ dirman_password = get_dirman_password()
+ if dirman_password is None:
+ sys.exit("Directory Manager password required")
+
+ if not dirman_password:
+ sys.exit("No password supplied")
+
+ api.bootstrap(
+ context='cli', confdir=paths.ETC_IPA,
+ debug=options.debug, in_server=True)
+ api.finalize()
+ api.Backend.ldap2.connect(bind_pw=dirman_password)
+
+ if args[0] == "enable":
+ compat = get_entry(compat_dn)
+ if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
+ sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable")
+ entry = None
+ try:
+ entry = get_entry(nis_config_dn)
+ except errors.ExecutionError as lde:
+ print("An error occurred while talking to the server.")
+ print(lde)
+ retval = 1
+
+ # Enable either the portmap or rpcbind service
+ portmap = services.knownservices.portmap
+ rpcbind = services.knownservices.rpcbind
+
+ if portmap.is_installed():
+ portmap.enable()
+ servicemsg = portmap.service_name
+ elif rpcbind.is_installed():
+ rpcbind.enable()
+ servicemsg = rpcbind.service_name
+ else:
+ print("Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name))
+ retval = 3
+
+ # The cn=config entry for the plugin may already exist but it
+ # could be turned off, handle both cases.
+ if entry is None:
+ print("Enabling plugin")
+ ld = LDAPUpdate()
+ if ld.update(files) != True:
+ retval = 1
+ elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off':
+ print("Enabling plugin")
+ # Already configured, just enable the plugin
+ entry['nsslapd-pluginenabled'] = ['on']
+ api.Backend.ldap2.update_entry(entry)
+ else:
+ print("Plugin already Enabled")
+ retval = 2
+
+ elif args[0] == "disable":
+ try:
+ entry = api.Backend.ldap2.get_entry(nis_config_dn, ['nsslapd-pluginenabled'])
+ entry['nsslapd-pluginenabled'] = ['off']
+ api.Backend.ldap2.update_entry(entry)
+ except (errors.NotFound, errors.EmptyModlist):
+ print("Plugin is already disabled")
+ retval = 2
+ except errors.LDAPError as lde:
+ print("An error occurred while talking to the server.")
+ print(lde)
+ retval = 1
+
+ elif args[0] == "status":
+ nis_entry = get_entry(nis_config_dn)
+ enabled = (nis_entry and
+ nis_entry.get(
+ 'nsslapd-pluginenabled', '')[0].lower() == "on")
+ if enabled:
+ print("Plugin is enabled")
+ retval = 0
+ else:
+ print("Plugin is not enabled")
+ retval = 4
+
+ else:
+ retval = 1
+
+ if retval == 0:
+ if args[0] in {"enable", "disable"}:
+ print("This setting will not take effect until you restart "
+ "Directory Server.")
+
+ if args[0] == "enable":
+ print("The %s service may need to be started." % servicemsg)
+
+ api.Backend.ldap2.disconnect()
+
+ return retval
+
+if __name__ == '__main__':
+ installutils.run_script(main, operation_name='ipa-nis-manage')
diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am
index bffce402c7df428a47c1710bdc47d59a95993a0d..e9542a77bbbb88054eae1e64311d6e9ec5bee499 100644
--- a/install/tools/man/Makefile.am
+++ b/install/tools/man/Makefile.am
@@ -18,6 +18,7 @@ dist_man1_MANS = \
ipa-kra-install.1 \
ipa-ldap-updater.1 \
ipa-compat-manage.1 \
+ ipa-nis-manage.1 \
ipa-managed-entries.1 \
ipa-backup.1 \
ipa-restore.1 \
diff --git a/install/tools/man/ipa-nis-manage.1 b/install/tools/man/ipa-nis-manage.1
new file mode 100644
index 0000000000000000000000000000000000000000..1107b7790531aa695defd660040734143c02474d
--- /dev/null
+++ b/install/tools/man/ipa-nis-manage.1
@@ -0,0 +1,51 @@
+.\" A man page for ipa-nis-manage
+.\" Copyright (C) 2009 Red Hat, Inc.
+.\"
+.\" This program is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation, either version 3 of the License, or
+.\" (at your option) any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+.\" General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
+.\"
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\"
+.TH "ipa-nis-manage" "1" "April 25 2016" "IPA" "IPA Manual Pages"
+.SH "NAME"
+ipa\-nis\-manage \- Enables or disables the NIS listener plugin
+.SH "SYNOPSIS"
+ipa\-nis\-manage [options] <enable|disable|status>
+.SH "DESCRIPTION"
+Run the command with the \fBenable\fR option to enable the NIS plugin.
+
+Run the command with the \fBdisable\fR option to disable the NIS plugin.
+
+Run the command with the \fBstatus\fR option to read status of the NIS plugin. Return code 0 indicates enabled plugin, return code 4 indicates disabled plugin.
+
+In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used.
+
+Directory Server will need to be restarted after the NIS listener plugin has been enabled.
+
+.SH "OPTIONS"
+.TP
+\fB\-d\fR, \fB\-\-debug\fR
+Enable debug logging when more verbose output is needed
+.TP
+\fB\-y\fR \fIfile\fR
+File containing the Directory Manager password
+.SH "EXIT STATUS"
+0 if the command was successful
+
+1 if an error occurred
+
+2 if the plugin is already in the required status (enabled or disabled)
+
+3 if RPC services cannot be enabled.
+
+4 if status command detected plugin in disabled state.
diff --git a/install/updates/10-enable-betxn.update b/install/updates/10-enable-betxn.update
index 9525292cb2d66a738a2dec9cd881dbf960d2d944..1f89341c7f68616161d03b8a2e0c34f499bc3317 100644
--- a/install/updates/10-enable-betxn.update
+++ b/install/updates/10-enable-betxn.update
@@ -44,3 +44,6 @@ only: nsslapd-pluginbetxn: on
dn: cn=Schema Compatibility, cn=plugins, cn=config
onlyifexist: nsslapd-pluginbetxn: on
+
+dn: cn=NIS Server, cn=plugins, cn=config
+onlyifexist: nsslapd-pluginbetxn: on
diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update
new file mode 100644
index 0000000000000000000000000000000000000000..05a166f003aefc50fc25f10f01f7364d752425bc
--- /dev/null
+++ b/install/updates/50-nis.update
@@ -0,0 +1,3 @@
+# Updates are applied only if NIS plugin has been configured
+# update definitions are located in install/share/nis-update.uldif
+plugin: update_nis_configuration
diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am
index cce2670a6c31803dc534ac5b0093ec0aa317233e..fd96831d8fd4904b51d933847865d37c58a3508c 100644
--- a/install/updates/Makefile.am
+++ b/install/updates/Makefile.am
@@ -52,6 +52,7 @@ app_DATA = \
50-groupuuid.update \
50-hbacservice.update \
50-krbenctypes.update \
+ 50-nis.update \
50-ipaconfig.update \
55-pbacmemberof.update \
59-trusts-sysacount.update \
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5bc0e3ac3eed257fd7fa6a0830e3e2dbeb3d01d2..b84925bfc7d9af8584d9d4b185aa04b635c1e325 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -297,6 +297,8 @@ class BasePathNamespace:
CA_TOPOLOGY_ULDIF = "/usr/share/ipa/ca-topology.uldif"
IPA_HTML_DIR = "/usr/share/ipa/html"
CA_CRT = "/usr/share/ipa/html/ca.crt"
+ NIS_ULDIF = "/usr/share/ipa/nis.uldif"
+ NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif"
SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update"
SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif"
SUBID_GENERATORS_ULDIF = "/usr/share/ipa/subid-generators.uldif"
diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py
index f07a878e739002346df894f93745ea60345e0557..b0a27de5dd40aa661271faa3a8a0855226b5892f 100644
--- a/ipaserver/install/ipa_migrate.py
+++ b/ipaserver/install/ipa_migrate.py
@@ -32,7 +32,7 @@ from ipapython.admintool import admin_cleanup_global_argv
from ipaserver.install.ipa_migrate_constants import (
DS_CONFIG, DB_OBJECTS, DS_INDEXES, BIND_DN, LOG_FILE_NAME,
STRIP_OP_ATTRS, STRIP_ATTRS, STRIP_OC, PROD_ATTRS,
- DNA_REGEN_VAL, DNA_REGEN_ATTRS, IGNORE_ATTRS,
+ DNA_REGEN_VAL, DNA_REGEN_ATTRS, NIS_PLUGIN, IGNORE_ATTRS,
DB_EXCLUDE_TREES, POLICY_OP_ATTRS, STATE_OPTIONS
)
@@ -749,7 +749,8 @@ class IPAMigrate():
self.log_info(title)
self.log_info('-' * (len(title) - 1))
logged_something = self.log_stats(DS_CONFIG)
- if self.args.verbose:
+ if self.args.verbose or NIS_PLUGIN['count'] > 0:
+ self.log_info(f" - NIS Server Plugin: {NIS_PLUGIN['count']}")
logged_something = True
if not self.log_stats(DS_INDEXES) and not logged_something:
self.log_info(" - No updates")
@@ -1983,6 +1984,28 @@ class IPAMigrate():
add_missing=True)
stats['config_processed'] += 1
+ # Slapi NIS Plugin
+ if DN(NIS_PLUGIN['dn']) == DN(entry['dn']):
+ # Parent plugin entry
+ self.process_config_entry(
+ entry['dn'], entry['attrs'], NIS_PLUGIN,
+ add_missing=True)
+ stats['config_processed'] += 1
+ elif DN(NIS_PLUGIN['dn']) in DN(entry['dn']):
+ # Child NIS plugin entry
+ nis_dn = entry['dn']
+ lc_remote_realm = self.remote_realm.lower()
+ lc_realm = self.realm.lower()
+ nis_dn = nis_dn.replace(lc_remote_realm, lc_realm)
+ if 'nis-domain' in entry['attrs']:
+ value = entry['attrs']['nis-domain'][0]
+ value = value.replace(lc_remote_realm, lc_realm)
+ entry['attrs']['nis-domain'][0] = value
+ # Process the entry
+ self.process_config_entry(nis_dn, entry['attrs'], NIS_PLUGIN,
+ add_missing=True)
+ stats['config_processed'] += 1
+
#
# Migration
#
diff --git a/ipaserver/install/ipa_migrate_constants.py b/ipaserver/install/ipa_migrate_constants.py
index 65e920d4bdc7511adb60bbdf87db88beb2630645..4fe8b467978936e4f8d621b7297ff577127c7298 100644
--- a/ipaserver/install/ipa_migrate_constants.py
+++ b/ipaserver/install/ipa_migrate_constants.py
@@ -527,6 +527,30 @@ DS_CONFIG = {
},
}
+#
+# Slpai NIS is an optional plugin. It requires special handling
+#
+NIS_PLUGIN = {
+ 'dn': 'cn=NIS Server,cn=plugins,cn=config',
+ 'attrs': [
+ 'nis-domain',
+ 'nis-base',
+ 'nis-map',
+ 'nis-filter',
+ 'nis-key-format:',
+ 'nis-values-format:',
+ 'nis-secure',
+ 'nis-disallowed-chars',
+ # Parent plugin entry
+ 'nsslapd-pluginarg0',
+ 'nsslapd-pluginenabled'
+ ],
+ 'multivalued': [],
+ 'label': 'NIS Server Plugin',
+ 'mode': 'all',
+ 'count': 0,
+}
+
#
# This mapping is simliar to above but it handles container entries
# This could be built into the above mapping using the "comma" approach
diff --git a/ipaserver/install/plugins/update_nis.py b/ipaserver/install/plugins/update_nis.py
new file mode 100644
index 0000000000000000000000000000000000000000..c02eb5f838a99b27cdd21e4aee17e5104f0e22e2
--- /dev/null
+++ b/ipaserver/install/plugins/update_nis.py
@@ -0,0 +1,92 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from __future__ import absolute_import
+
+import logging
+
+from ipalib.plugable import Registry
+from ipalib import errors
+from ipalib import Updater
+from ipaplatform.paths import paths
+from ipapython.dn import DN
+from ipaserver.install import sysupgrade
+from ipaserver.install.ldapupdate import LDAPUpdate
+
+logger = logging.getLogger(__name__)
+
+register = Registry()
+
+
+@register()
+class update_nis_configuration(Updater):
+ """Update NIS configuration
+
+ NIS configuration can be updated only if NIS Server was configured via
+ ipa-nis-manage command.
+ """
+
+ def __recover_from_missing_maps(self, ldap):
+ # https://fedorahosted.org/freeipa/ticket/5507
+ # if all following DNs are missing, but 'NIS Server' container exists
+ # we are experiencig bug and maps should be fixed
+
+ if sysupgrade.get_upgrade_state('nis',
+ 'done_recover_from_missing_maps'):
+ # this recover must be done only once, a user may deleted some
+ # maps, we do not want to restore them again
+ return
+
+ logger.debug("Recovering from missing NIS maps bug")
+
+ suffix = "cn=NIS Server,cn=plugins,cn=config"
+ domain = self.api.env.domain
+ missing_dn_list = [
+ DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [
+ "nis-domain={domain}+nis-map=passwd.byname,{suffix}",
+ "nis-domain={domain}+nis-map=passwd.byuid,{suffix}",
+ "nis-domain={domain}+nis-map=group.byname,{suffix}",
+ "nis-domain={domain}+nis-map=group.bygid,{suffix}",
+ "nis-domain={domain}+nis-map=netid.byname,{suffix}",
+ "nis-domain={domain}+nis-map=netgroup,{suffix}",
+ ]
+ ]
+
+ for dn in missing_dn_list:
+ try:
+ ldap.get_entry(dn, attrs_list=['cn'])
+ except errors.NotFound:
+ pass
+ else:
+ # bug is not effective, at least one of 'possible missing'
+ # maps was detected
+ return
+
+ sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps',
+ True)
+
+ # bug is effective run update to recreate missing maps
+ ld = LDAPUpdate(api=self.api)
+ ld.update([paths.NIS_ULDIF])
+
+ def execute(self, **options):
+ ldap = self.api.Backend.ldap2
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+ try:
+ ldap.get_entry(dn, attrs_list=['cn'])
+ except errors.NotFound:
+ # NIS is not configured on system, do not execute update
+ logger.debug("Skipping NIS update, NIS Server is not configured")
+
+ # container does not exist, bug #5507 is not effective
+ sysupgrade.set_upgrade_state(
+ 'nis', 'done_recover_from_missing_maps', True)
+ else:
+ self.__recover_from_missing_maps(ldap)
+
+ logger.debug("Executing NIS Server update")
+ ld = LDAPUpdate(api=self.api)
+ ld.update([paths.NIS_UPDATE_ULDIF])
+
+ return False, ()
diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py
index 6c86bbb657a0d9a7b74ef34ad20a796a10073315..4acf8dd5290c687723a9c43a21e194bf663b6a3b 100644
--- a/ipatests/test_cmdline/test_cli.py
+++ b/ipatests/test_cmdline/test_cli.py
@@ -372,6 +372,7 @@ IPA_CLIENT_NOT_CONFIGURED = b'IPA client is not configured on this system'
'/usr/share/ipa/updates/05-pre_upgrade_plugins.update'],
2, None, IPA_NOT_CONFIGURED),
(['ipa-managed-entries'], 2, None, IPA_NOT_CONFIGURED),
+ (['ipa-nis-manage'], 2, None, IPA_NOT_CONFIGURED),
(['ipa-pkinit-manage'], 2, None, IPA_NOT_CONFIGURED),
(['ipa-replica-manage', 'list'], 1, IPA_NOT_CONFIGURED, None),
(['ipa-server-certinstall'], 2, None, IPA_NOT_CONFIGURED),
diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py
index 5bc871ab71bc05ec1c26df8352e996a9e627b466..8f8548494eaec3afd00961c096772b9d0b1ab3a4 100644
--- a/ipatests/test_integration/test_commands.py
+++ b/ipatests/test_integration/test_commands.py
@@ -1382,6 +1382,93 @@ class TestIPACommand(IntegrationTest):
serverid = realm_to_serverid(self.master.domain.realm)
return ("dirsrv@%s.service" % serverid)
+ def test_ipa_nis_manage_enable(self):
+ """
+ This testcase checks if ipa-nis-manage enable
+ command enables plugin on an IPA master
+ """
+ dirsrv_service = self.get_dirsrv_id()
+ console_msg = (
+ "Enabling plugin\n"
+ "This setting will not take effect until "
+ "you restart Directory Server.\n"
+ "The rpcbind service may need to be started"
+ )
+ status_msg = "Plugin is enabled"
+ tasks.kinit_admin(self.master)
+ result = self.master.run_command(
+ ["ipa-nis-manage", "enable"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert console_msg in result.stdout_text
+ # verify using backend
+ conn = self.master.ldap_connect()
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+ entry = conn.get_entry(dn)
+ nispluginstring = entry.get('nsslapd-pluginEnabled')
+ assert 'on' in nispluginstring
+ # restart for changes to take effect
+ self.master.run_command(["systemctl", "restart", dirsrv_service])
+ self.master.run_command(["systemctl", "restart", "rpcbind"])
+ time.sleep(DIRSRV_SLEEP)
+ # check status msg on the console
+ result = self.master.run_command(
+ ["ipa-nis-manage", "status"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert status_msg in result.stdout_text
+
+ def test_ipa_nis_manage_disable(self):
+ """
+ This testcase checks if ipa-nis-manage disable
+ command disable plugin on an IPA Master
+ """
+ dirsrv_service = self.get_dirsrv_id()
+ msg = (
+ "This setting will not take effect "
+ "until you restart Directory Server."
+ )
+ status_msg = "Plugin is not enabled"
+ tasks.kinit_admin(self.master)
+ result = self.master.run_command(
+ ["ipa-nis-manage", "disable"],
+ stdin_text=self.master.config.admin_password,
+ )
+ assert msg in result.stdout_text
+ # verify using backend
+ conn = self.master.ldap_connect()
+ dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config'))
+ entry = conn.get_entry(dn)
+ nispluginstring = entry.get('nsslapd-pluginEnabled')
+ assert 'off' in nispluginstring
+ # restart dirsrv for changes to take effect
+ self.master.run_command(["systemctl", "restart", dirsrv_service])
+ time.sleep(DIRSRV_SLEEP)
+ # check status msg on the console
+ result = self.master.run_command(
+ ["ipa-nis-manage", "status"],
+ stdin_text=self.master.config.admin_password,
+ raiseonerr=False,
+ )
+ assert result.returncode == 4
+ assert status_msg in result.stdout_text
+
+ def test_ipa_nis_manage_enable_incorrect_password(self):
+ """
+ This testcase checks if ipa-nis-manage enable
+ command throws error on console for invalid DS admin password
+ """
+ msg1 = "Insufficient access: "
+ msg2 = "Invalid credentials"
+ result = self.master.run_command(
+ ["ipa-nis-manage", "enable"],
+ stdin_text='Invalid_pwd',
+ raiseonerr=False,
+ )
+ assert result.returncode == 1
+ assert msg1 in result.stderr_text
+ assert msg2 in result.stderr_text
+
def test_pkispawn_log_is_present(self):
"""
This testcase checks if pkispawn logged properly.
--
2.52.0
Reference in New Issue View Git Blame Copy Permalink