From afb21a264b103f79ba06226009b85d3027f843fa Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 29 Apr 2024 10:10:08 +0300 Subject: [PATCH] Remove ipa-nis-manage as we aim to disable NIS server support RHEL 8.3+ already deprecated support for NIS protocol. RHEL 9 does not ship NIS client side RHEL 10 removes NIS server emulator support Fixes: https://pagure.io/freeipa/issue/9363 Signed-off-by: Alexander Bokovoy --- freeipa.spec.in | 2 - install/share/Makefile.am | 2 - install/share/nis-update.uldif | 38 ---- install/share/nis.uldif | 96 ---------- install/tools/Makefile.am | 2 - install/tools/ipa-compat-manage.in | 17 +- install/tools/ipa-nis-manage.in | 205 --------------------- install/tools/man/Makefile.am | 1 - install/tools/man/ipa-nis-manage.1 | 51 ----- install/updates/50-nis.update | 3 - install/updates/Makefile.am | 1 - ipaplatform/base/paths.py | 2 - ipaserver/install/plugins/update_nis.py | 92 --------- ipatests/test_cmdline/test_cli.py | 1 - ipatests/test_integration/test_commands.py | 87 --------- 15 files changed, 14 insertions(+), 586 deletions(-) delete mode 100644 install/share/nis-update.uldif delete mode 100644 install/share/nis.uldif delete mode 100644 install/tools/ipa-nis-manage.in delete mode 100644 install/tools/man/ipa-nis-manage.1 delete mode 100644 install/updates/50-nis.update delete mode 100644 ipaserver/install/plugins/update_nis.py diff --git a/freeipa.spec.in b/freeipa.spec.in index b23c780e612..6a713c1f9f9 100755 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1409,7 +1409,6 @@ fi %{_sbindir}/ipa-ldap-updater %{_sbindir}/ipa-otptoken-import %{_sbindir}/ipa-compat-manage -%{_sbindir}/ipa-nis-manage %{_sbindir}/ipa-managed-entries %{_sbindir}/ipactl %{_sbindir}/ipa-advise @@ -1481,7 +1480,6 @@ fi %{_mandir}/man1/ipa-ca-install.1* %{_mandir}/man1/ipa-kra-install.1* %{_mandir}/man1/ipa-compat-manage.1* -%{_mandir}/man1/ipa-nis-manage.1* %{_mandir}/man1/ipa-managed-entries.1* %{_mandir}/man1/ipa-ldap-updater.1* %{_mandir}/man8/ipactl.8* diff --git a/install/share/Makefile.am b/install/share/Makefile.am index e0fe4b7d175..100d0d64915 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -68,8 +68,6 @@ dist_app_DATA = \ master-entry.ldif \ memberof-task.ldif \ memberof-conf.ldif \ - nis.uldif \ - nis-update.uldif \ opendnssec_conf.template \ opendnssec_kasp.template \ unique-attributes.ldif \ diff --git a/install/share/nis-update.uldif b/install/share/nis-update.uldif deleted file mode 100644 index e602c1de061..00000000000 --- a/install/share/nis-update.uldif +++ /dev/null @@ -1,38 +0,0 @@ -# Updates for NIS - -# Correct syntax error that caused users to not appear -dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config -replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})") - -# Correct syntax error that caused nested netgroups to not work -# https://bugzilla.redhat.com/show_bug.cgi?id=788625 -dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config -replace:nis-value-format: %merge(" ","%{memberNisNetgroup}","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})") - -# Make the padding an expression so usercat and hostcat always gets -# evaluated when displaying entries. -# https://bugzilla.redhat.com/show_bug.cgi?id=767372 -dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config -replace:nis-value-format: %merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"-\"),%{nisDomainName:-})")::%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})") - -dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: ethers.byaddr -default:nis-base: cn=computers, cn=accounts, $SUFFIX -default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) -default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6") -default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7") -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: ethers.byname -default:nis-base: cn=computers, cn=accounts, $SUFFIX -default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) -default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7") -default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7") -default:nis-secure: no diff --git a/install/share/nis.uldif b/install/share/nis.uldif deleted file mode 100644 index 1735fb55299..00000000000 --- a/install/share/nis.uldif +++ /dev/null @@ -1,96 +0,0 @@ -dn: cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: nsSlapdPlugin -default:objectclass: extensibleObject -default:cn: NIS Server -default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/nisserver-plugin.so -default:nsslapd-plugininitfunc: nis_plugin_init -default:nsslapd-plugintype: object -default:nsslapd-pluginbetxn: on -default:nsslapd-pluginenabled: on -default:nsslapd-pluginid: nis-server -default:nsslapd-pluginversion: 0.10 -default:nsslapd-pluginvendor: redhat.com -default:nsslapd-plugindescription: NIS Server Plugin -default:nis-tcp-wrappers-name: nis-server - -dn: nis-domain=$DOMAIN+nis-map=passwd.byname, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: passwd.byname -default:nis-base: cn=users, cn=accounts, $SUFFIX -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=passwd.byuid, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: passwd.byuid -default:nis-base: cn=users, cn=accounts, $SUFFIX -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=group.byname, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: group.byname -default:nis-base: cn=groups, cn=accounts, $SUFFIX -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=group.bygid, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: group.bygid -default:nis-base: cn=groups, cn=accounts, $SUFFIX -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=netid.byname, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: netid.byname -default:nis-base: cn=users, cn=accounts, $SUFFIX -default:nis-secure: no - -# Note that the escapes in this entry can be quite confusing. The trick -# is that each level of nesting requires (2^n) - 1 escapes. So the -# first level is \", the second is \\\", the third is \\\\\\\", etc. -# (1, 3, 7, 15, more than that and you'll go insane) - -# Note that this configuration mirrors the Schema Compat configuration for -# triples. -dn: nis-domain=$DOMAIN+nis-map=netgroup, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: netgroup -default:nis-base: cn=ng, cn=alt, $SUFFIX -default:nis-filter: (objectClass=ipanisNetgroup) -default:nis-key-format: %{cn} -default:nis-value-format:%merge(" ","%deref_f(\"member\",\"(objectclass=ipanisNetgroup)\",\"cn\")","(%link(\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%{externalHost}\\\\\\\",\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"hostCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\",\",\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"%collect(\\\\\\\"%deref(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\",\\\\\\\"%deref_r(\\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\\",\\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\\")\\\\\\\")\\\")\",\"%ifeq(\\\"userCategory\\\",\\\"all\\\",\\\"\\\",\\\"-\\\")\"),%{nisDomainName:-})") -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=ethers.byaddr, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: ethers.byaddr -default:nis-base: cn=computers, cn=accounts, $SUFFIX -default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) -default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6") -default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7") -default:nis-secure: no - -dn: nis-domain=$DOMAIN+nis-map=ethers.byname, cn=NIS Server, cn=plugins, cn=config -default:objectclass: top -default:objectclass: extensibleObject -default:nis-domain: $DOMAIN -default:nis-map: ethers.byname -default:nis-base: cn=computers, cn=accounts, $SUFFIX -default:nis-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost)) -default:nis-keys-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%7") -default:nis-values-format: %mregsub("%{macAddress} %{fqdn}","(..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..)[:\\\|-](..) (.*)","%1:%2:%3:%4:%5:%6 %7") -default:nis-secure: no - diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index c454fad9795..a5306ffe942 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -19,7 +19,6 @@ dist_noinst_DATA = \ ipa-server-upgrade.in \ ipactl.in \ ipa-compat-manage.in \ - ipa-nis-manage.in \ ipa-managed-entries.in \ ipa-ldap-updater.in \ ipa-otptoken-import.in \ @@ -56,7 +55,6 @@ nodist_sbin_SCRIPTS = \ ipa-server-upgrade \ ipactl \ ipa-compat-manage \ - ipa-nis-manage \ ipa-managed-entries \ ipa-ldap-updater \ ipa-otptoken-import \ diff --git a/install/tools/ipa-compat-manage.in b/install/tools/ipa-compat-manage.in index 459f39fc826..70dd7c451e0 100644 --- a/install/tools/ipa-compat-manage.in +++ b/install/tools/ipa-compat-manage.in @@ -26,6 +26,7 @@ from ipaplatform.paths import paths try: from optparse import OptionParser # pylint: disable=deprecated-module from ipapython import ipautil, config + from ipapython.ipaldap import realm_to_serverid from ipaserver.install import installutils from ipaserver.install.ldapupdate import LDAPUpdate from ipalib import api, errors @@ -150,9 +151,19 @@ def main(): try: entry = get_entry(nis_config_dn) # We can't disable schema compat if the NIS plugin is enabled - if entry is not None and entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'on': - print("The NIS plugin is configured, cannot disable compatibility.", file=sys.stderr) - print("Run 'ipa-nis-manage disable' first.", file=sys.stderr) + if ( + entry is not None + and entry.get("nsslapd-pluginenabled", [""])[0].lower() == "on" + ): + instance = realm_to_serverid(api.env.realm) + print( + "The NIS plugin is configured, cannot " + "disable compatibility.", file=sys.stderr, + ) + print( + f"Run \"dsconf {instance} plugin set --enabled off " + "'NIS Server'\" first.", file=sys.stderr, + ) retval = 2 except errors.ExecutionError as lde: print("An error occurred while talking to the server.") diff --git a/install/tools/ipa-nis-manage.in b/install/tools/ipa-nis-manage.in deleted file mode 100644 index 6b156ce6a80..00000000000 --- a/install/tools/ipa-nis-manage.in +++ /dev/null @@ -1,205 +0,0 @@ -#!/usr/bin/python3 -# Authors: Rob Crittenden -# Authors: Simo Sorce -# -# Copyright (C) 2009 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -from __future__ import print_function - -import sys -import os -from ipaplatform.paths import paths -try: - from optparse import OptionParser # pylint: disable=deprecated-module - from ipapython import ipautil, config - from ipaserver.install import installutils - from ipaserver.install.ldapupdate import LDAPUpdate - from ipalib import api, errors - from ipapython.ipa_log_manager import standard_logging_setup - from ipapython.dn import DN - from ipaplatform import services -except ImportError as e: - print("""\ -There was a problem importing one of the required Python modules. The -error was: - - %s -""" % e, file=sys.stderr) - sys.exit(1) - -nis_config_dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) -compat_dn = DN(('cn', 'Schema Compatibility'), ('cn', 'plugins'), ('cn', 'config')) - -def parse_options(): - usage = "%prog [options] \n" - usage += "%prog [options]\n" - parser = OptionParser(usage=usage, formatter=config.IPAFormatter()) - - parser.add_option("-d", "--debug", action="store_true", dest="debug", - help="Display debugging information about the update(s)") - parser.add_option("-y", dest="password", - help="File containing the Directory Manager password") - - config.add_standard_options(parser) - options, args = parser.parse_args() - - return options, args - -def get_dirman_password(): - """Prompt the user for the Directory Manager password and verify its - correctness. - """ - password = installutils.read_password("Directory Manager", confirm=False, validate=False, retry=False) - - return password - -def get_entry(dn): - """ - Return the entry for the given DN. If the entry is not found return - None. - """ - entry = None - try: - entry = api.Backend.ldap2.get_entry(dn) - except errors.NotFound: - pass - return entry - -def main(): - retval = 0 - files = [paths.NIS_ULDIF] - servicemsg = "" - - if os.getegid() != 0: - sys.exit('Must be root to use this tool.') - - installutils.check_server_configuration() - - options, args = parse_options() - - if len(args) != 1: - sys.exit("You must specify one action: enable | disable | status") - elif args[0] not in {"enable", "disable", "status"}: - sys.exit("Unrecognized action [" + args[0] + "]") - - standard_logging_setup(None, debug=options.debug) - dirman_password = "" - if options.password: - try: - pw = ipautil.template_file(options.password, []) - except IOError: - sys.exit("File \"%s\" not found or not readable" % options.password) - dirman_password = pw.strip() - else: - dirman_password = get_dirman_password() - if dirman_password is None: - sys.exit("Directory Manager password required") - - if not dirman_password: - sys.exit("No password supplied") - - api.bootstrap( - context='cli', confdir=paths.ETC_IPA, - debug=options.debug, in_server=True) - api.finalize() - api.Backend.ldap2.connect(bind_pw=dirman_password) - - if args[0] == "enable": - compat = get_entry(compat_dn) - if compat is None or compat.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': - sys.exit("The compat plugin needs to be enabled: ipa-compat-manage enable") - entry = None - try: - entry = get_entry(nis_config_dn) - except errors.ExecutionError as lde: - print("An error occurred while talking to the server.") - print(lde) - retval = 1 - - # Enable either the portmap or rpcbind service - portmap = services.knownservices.portmap - rpcbind = services.knownservices.rpcbind - - if portmap.is_installed(): - portmap.enable() - servicemsg = portmap.service_name - elif rpcbind.is_installed(): - rpcbind.enable() - servicemsg = rpcbind.service_name - else: - print("Unable to enable either %s or %s" % (portmap.service_name, rpcbind.service_name)) - retval = 3 - - # The cn=config entry for the plugin may already exist but it - # could be turned off, handle both cases. - if entry is None: - print("Enabling plugin") - ld = LDAPUpdate() - if ld.update(files) != True: - retval = 1 - elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': - print("Enabling plugin") - # Already configured, just enable the plugin - entry['nsslapd-pluginenabled'] = ['on'] - api.Backend.ldap2.update_entry(entry) - else: - print("Plugin already Enabled") - retval = 2 - - elif args[0] == "disable": - try: - entry = api.Backend.ldap2.get_entry(nis_config_dn, ['nsslapd-pluginenabled']) - entry['nsslapd-pluginenabled'] = ['off'] - api.Backend.ldap2.update_entry(entry) - except (errors.NotFound, errors.EmptyModlist): - print("Plugin is already disabled") - retval = 2 - except errors.LDAPError as lde: - print("An error occurred while talking to the server.") - print(lde) - retval = 1 - - elif args[0] == "status": - nis_entry = get_entry(nis_config_dn) - enabled = (nis_entry and - nis_entry.get( - 'nsslapd-pluginenabled', '')[0].lower() == "on") - if enabled: - print("Plugin is enabled") - retval = 0 - else: - print("Plugin is not enabled") - retval = 4 - - else: - retval = 1 - - if retval == 0: - if args[0] in {"enable", "disable"}: - print("This setting will not take effect until you restart " - "Directory Server.") - - if args[0] == "enable": - print("The %s service may need to be started." % servicemsg) - - api.Backend.ldap2.disconnect() - - return retval - -if __name__ == '__main__': - installutils.run_script(main, operation_name='ipa-nis-manage') diff --git a/install/tools/man/Makefile.am b/install/tools/man/Makefile.am index 34f359863af..282407602fa 100644 --- a/install/tools/man/Makefile.am +++ b/install/tools/man/Makefile.am @@ -18,7 +18,6 @@ dist_man1_MANS = \ ipa-kra-install.1 \ ipa-ldap-updater.1 \ ipa-compat-manage.1 \ - ipa-nis-manage.1 \ ipa-managed-entries.1 \ ipa-backup.1 \ ipa-restore.1 \ diff --git a/install/tools/man/ipa-nis-manage.1 b/install/tools/man/ipa-nis-manage.1 deleted file mode 100644 index 1107b779053..00000000000 --- a/install/tools/man/ipa-nis-manage.1 +++ /dev/null @@ -1,51 +0,0 @@ -.\" A man page for ipa-nis-manage -.\" Copyright (C) 2009 Red Hat, Inc. -.\" -.\" This program is free software; you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation, either version 3 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, but -.\" WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -.\" General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program. If not, see . -.\" -.\" Author: Rob Crittenden -.\" -.TH "ipa-nis-manage" "1" "April 25 2016" "IPA" "IPA Manual Pages" -.SH "NAME" -ipa\-nis\-manage \- Enables or disables the NIS listener plugin -.SH "SYNOPSIS" -ipa\-nis\-manage [options] -.SH "DESCRIPTION" -Run the command with the \fBenable\fR option to enable the NIS plugin. - -Run the command with the \fBdisable\fR option to disable the NIS plugin. - -Run the command with the \fBstatus\fR option to read status of the NIS plugin. Return code 0 indicates enabled plugin, return code 4 indicates disabled plugin. - -In all cases the user will be prompted to provide the Directory Manager's password unless option \fB\-y\fR is used. - -Directory Server will need to be restarted after the NIS listener plugin has been enabled. - -.SH "OPTIONS" -.TP -\fB\-d\fR, \fB\-\-debug\fR -Enable debug logging when more verbose output is needed -.TP -\fB\-y\fR \fIfile\fR -File containing the Directory Manager password -.SH "EXIT STATUS" -0 if the command was successful - -1 if an error occurred - -2 if the plugin is already in the required status (enabled or disabled) - -3 if RPC services cannot be enabled. - -4 if status command detected plugin in disabled state. diff --git a/install/updates/50-nis.update b/install/updates/50-nis.update deleted file mode 100644 index 05a166f003a..00000000000 --- a/install/updates/50-nis.update +++ /dev/null @@ -1,3 +0,0 @@ -# Updates are applied only if NIS plugin has been configured -# update definitions are located in install/share/nis-update.uldif -plugin: update_nis_configuration diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index fd96831d8fd..cce2670a6c3 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -52,7 +52,6 @@ app_DATA = \ 50-groupuuid.update \ 50-hbacservice.update \ 50-krbenctypes.update \ - 50-nis.update \ 50-ipaconfig.update \ 55-pbacmemberof.update \ 59-trusts-sysacount.update \ diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e7092dd52bc..6e8e5926ae3 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -293,8 +293,6 @@ class BasePathNamespace: KRB_CON = "/usr/share/ipa/html/krb.con" HTML_KRB5_INI = "/usr/share/ipa/html/krb5.ini" HTML_KRBREALM_CON = "/usr/share/ipa/html/krbrealm.con" - NIS_ULDIF = "/usr/share/ipa/nis.uldif" - NIS_UPDATE_ULDIF = "/usr/share/ipa/nis-update.uldif" SCHEMA_COMPAT_ULDIF = "/usr/share/ipa/updates/91-schema_compat.update" SCHEMA_COMPAT_POST_ULDIF = "/usr/share/ipa/schema_compat_post.uldif" IPA_JS_PLUGINS_DIR = "/usr/share/ipa/ui/js/plugins" diff --git a/ipaserver/install/plugins/update_nis.py b/ipaserver/install/plugins/update_nis.py deleted file mode 100644 index c02eb5f838a..00000000000 --- a/ipaserver/install/plugins/update_nis.py +++ /dev/null @@ -1,92 +0,0 @@ -# -# Copyright (C) 2015 FreeIPA Contributors see COPYING for license -# - -from __future__ import absolute_import - -import logging - -from ipalib.plugable import Registry -from ipalib import errors -from ipalib import Updater -from ipaplatform.paths import paths -from ipapython.dn import DN -from ipaserver.install import sysupgrade -from ipaserver.install.ldapupdate import LDAPUpdate - -logger = logging.getLogger(__name__) - -register = Registry() - - -@register() -class update_nis_configuration(Updater): - """Update NIS configuration - - NIS configuration can be updated only if NIS Server was configured via - ipa-nis-manage command. - """ - - def __recover_from_missing_maps(self, ldap): - # https://fedorahosted.org/freeipa/ticket/5507 - # if all following DNs are missing, but 'NIS Server' container exists - # we are experiencig bug and maps should be fixed - - if sysupgrade.get_upgrade_state('nis', - 'done_recover_from_missing_maps'): - # this recover must be done only once, a user may deleted some - # maps, we do not want to restore them again - return - - logger.debug("Recovering from missing NIS maps bug") - - suffix = "cn=NIS Server,cn=plugins,cn=config" - domain = self.api.env.domain - missing_dn_list = [ - DN(nis_map.format(domain=domain, suffix=suffix)) for nis_map in [ - "nis-domain={domain}+nis-map=passwd.byname,{suffix}", - "nis-domain={domain}+nis-map=passwd.byuid,{suffix}", - "nis-domain={domain}+nis-map=group.byname,{suffix}", - "nis-domain={domain}+nis-map=group.bygid,{suffix}", - "nis-domain={domain}+nis-map=netid.byname,{suffix}", - "nis-domain={domain}+nis-map=netgroup,{suffix}", - ] - ] - - for dn in missing_dn_list: - try: - ldap.get_entry(dn, attrs_list=['cn']) - except errors.NotFound: - pass - else: - # bug is not effective, at least one of 'possible missing' - # maps was detected - return - - sysupgrade.set_upgrade_state('nis', 'done_recover_from_missing_maps', - True) - - # bug is effective run update to recreate missing maps - ld = LDAPUpdate(api=self.api) - ld.update([paths.NIS_ULDIF]) - - def execute(self, **options): - ldap = self.api.Backend.ldap2 - dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) - try: - ldap.get_entry(dn, attrs_list=['cn']) - except errors.NotFound: - # NIS is not configured on system, do not execute update - logger.debug("Skipping NIS update, NIS Server is not configured") - - # container does not exist, bug #5507 is not effective - sysupgrade.set_upgrade_state( - 'nis', 'done_recover_from_missing_maps', True) - else: - self.__recover_from_missing_maps(ldap) - - logger.debug("Executing NIS Server update") - ld = LDAPUpdate(api=self.api) - ld.update([paths.NIS_UPDATE_ULDIF]) - - return False, () diff --git a/ipatests/test_cmdline/test_cli.py b/ipatests/test_cmdline/test_cli.py index ae0d059ce34..718798d6808 100644 --- a/ipatests/test_cmdline/test_cli.py +++ b/ipatests/test_cmdline/test_cli.py @@ -385,7 +385,6 @@ def test_cli_fsencoding(): '/usr/share/ipa/updates/05-pre_upgrade_plugins.update'], 2, None, IPA_NOT_CONFIGURED), (['ipa-managed-entries'], 2, None, IPA_NOT_CONFIGURED), - (['ipa-nis-manage'], 2, None, IPA_NOT_CONFIGURED), (['ipa-pkinit-manage'], 2, None, IPA_NOT_CONFIGURED), (['ipa-replica-manage', 'list'], 1, IPA_NOT_CONFIGURED, None), (['ipa-server-certinstall'], 2, None, IPA_NOT_CONFIGURED), diff --git a/ipatests/test_integration/test_commands.py b/ipatests/test_integration/test_commands.py index 404697ff28f..d86665bced1 100644 --- a/ipatests/test_integration/test_commands.py +++ b/ipatests/test_integration/test_commands.py @@ -1264,93 +1264,6 @@ def get_dirsrv_id(self): serverid = realm_to_serverid(self.master.domain.realm) return("dirsrv@%s.service" % serverid) - def test_ipa_nis_manage_enable(self): - """ - This testcase checks if ipa-nis-manage enable - command enables plugin on an IPA master - """ - dirsrv_service = self.get_dirsrv_id() - console_msg = ( - "Enabling plugin\n" - "This setting will not take effect until " - "you restart Directory Server.\n" - "The rpcbind service may need to be started" - ) - status_msg = "Plugin is enabled" - tasks.kinit_admin(self.master) - result = self.master.run_command( - ["ipa-nis-manage", "enable"], - stdin_text=self.master.config.admin_password, - ) - assert console_msg in result.stdout_text - # verify using backend - conn = self.master.ldap_connect() - dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) - entry = conn.get_entry(dn) - nispluginstring = entry.get('nsslapd-pluginEnabled') - assert 'on' in nispluginstring - # restart for changes to take effect - self.master.run_command(["systemctl", "restart", dirsrv_service]) - self.master.run_command(["systemctl", "restart", "rpcbind"]) - time.sleep(DIRSRV_SLEEP) - # check status msg on the console - result = self.master.run_command( - ["ipa-nis-manage", "status"], - stdin_text=self.master.config.admin_password, - ) - assert status_msg in result.stdout_text - - def test_ipa_nis_manage_disable(self): - """ - This testcase checks if ipa-nis-manage disable - command disable plugin on an IPA Master - """ - dirsrv_service = self.get_dirsrv_id() - msg = ( - "This setting will not take effect " - "until you restart Directory Server." - ) - status_msg = "Plugin is not enabled" - tasks.kinit_admin(self.master) - result = self.master.run_command( - ["ipa-nis-manage", "disable"], - stdin_text=self.master.config.admin_password, - ) - assert msg in result.stdout_text - # verify using backend - conn = self.master.ldap_connect() - dn = DN(('cn', 'NIS Server'), ('cn', 'plugins'), ('cn', 'config')) - entry = conn.get_entry(dn) - nispluginstring = entry.get('nsslapd-pluginEnabled') - assert 'off' in nispluginstring - # restart dirsrv for changes to take effect - self.master.run_command(["systemctl", "restart", dirsrv_service]) - time.sleep(DIRSRV_SLEEP) - # check status msg on the console - result = self.master.run_command( - ["ipa-nis-manage", "status"], - stdin_text=self.master.config.admin_password, - raiseonerr=False, - ) - assert result.returncode == 4 - assert status_msg in result.stdout_text - - def test_ipa_nis_manage_enable_incorrect_password(self): - """ - This testcase checks if ipa-nis-manage enable - command throws error on console for invalid DS admin password - """ - msg1 = "Insufficient access: " - msg2 = "Invalid credentials" - result = self.master.run_command( - ["ipa-nis-manage", "enable"], - stdin_text='Invalid_pwd', - raiseonerr=False, - ) - assert result.returncode == 1 - assert msg1 in result.stderr_text - assert msg2 in result.stderr_text - def test_pkispawn_log_is_present(self): """ This testcase checks if pkispawn logged properly.