[Freeipa-devel] [PATCH 0058] ipa-restore: check whether DS is running before attempting connection

Alexander Bokovoy abokovoy at redhat.com
Tue Aug 18 12:18:14 UTC 2015


On Tue, 18 Aug 2015, Jan Cholasta wrote:
>On 18.8.2015 13:41, Martin Basti wrote:
>>
>>
>>On 08/18/2015 01:16 PM, Alexander Bokovoy wrote:
>>>On Tue, 18 Aug 2015, Martin Babinsky wrote:
>>>>https://fedorahosted.org/freeipa/ticket/4838
>>>>
>>>>--
>>>>Martin^3 Babinsky
>>>
>>>>From d86aae6c3fef4dea1afbbdbacbc978afbbfa5fcf Mon Sep 17 00:00:00 2001
>>>>From: Martin Babinsky <mbabinsk at redhat.com>
>>>>Date: Tue, 18 Aug 2015 12:47:46 +0200
>>>>Subject: [PATCH] ipa-restore: check whether DS is running before
>>>>attempting
>>>>connection
>>>>
>>>>https://fedorahosted.org/freeipa/ticket/4838
>>>>---
>>>>ipaserver/install/ipa_restore.py | 7 +++++++
>>>>1 file changed, 7 insertions(+)
>>>>
>>>>diff --git a/ipaserver/install/ipa_restore.py
>>>>b/ipaserver/install/ipa_restore.py
>>>>index
>>>>65cb49355a0567446debe9c367aa3c1bc5a12e1c..b69ea90001a6fd03d0fddde8844870d1aa9c3704
>>>>100644
>>>>--- a/ipaserver/install/ipa_restore.py
>>>>+++ b/ipaserver/install/ipa_restore.py
>>>>@@ -410,6 +410,13 @@ class Restore(admintool.AdminTool):
>>>>        '''
>>>>        Create an ldapi connection and bind to it using autobind as
>>>>root.
>>>>        '''
>>>>+        instance_name = installutils.realm_to_serverid(api.env.realm)
>>>>+
>>>>+        if not services.knownservices.dirsrv.is_running(instance_name):
>>>>+            raise admintool.ScriptError(
>>>>+                "directory server instance is not running/configured"
>>>>+            )
>>>>+
>>>>        if self._conn is not None:
>>>>            return self._conn
>>>>
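Review bot: the is_running() check sits above the `if self._conn is not None:` early return, so it is repeated on every call, including calls that would only hand back an already established connection. Moving it below that early return, immediately before the connection is created, limits the status query to the first call. The message "directory server instance is not running/configured" also folds two different conditions into one string. Including instance_name in it would tell the operator which instance was checked, and if the service interface can distinguish a stopped instance from a missing one, separate messages would be more useful. The docstring still describes only the connect-and-bind behaviour and could mention that the method now raises ScriptError when the instance is down.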
>>>ACK.
>>>
>>Pushed to:
>>master: 31776755b47f44f894e4f2bb256aca1c5262b8a8
>>ipa-4-2: e4b8cffdb4e017874bb7f12a7ca362b927ead67a
>>
>
>I didn't try, but I'm pretty sure this patch breaks ipa-restore on 
>systems without IPA installed, which was not at all the point of the 
>ticket - the point was to replace the "Unable to get connection, 
>skipping disabling agreements: Unable to bind to LDAP server: [Errno 
>2] No such file or directory" error message with something meaningful 
>in such a case.
The code below 'if self._conn is not None:' is the following:
        self._conn = ipaldap.IPAdmin(host=api.env.host,
                                   ldapi=True,
                                   protocol='ldapi',
                                   realm=api.env.realm)

        try:
            pw_name = pwd.getpwuid(os.geteuid()).pw_name
            self._conn.do_external_bind(pw_name)
        except Exception, e:
            raise admintool.ScriptError('Unable to bind to LDAP server: %s'
                % e)
        return self._conn

So you'd get the same behavior, as ipaldap.IPAdmin will attempt to
connect to the LDAP server (it calls ldap.initialize()) and the try/except
block will then fail.
-- 
/ Alexander Bokovoy



