From 505d5224f1c9828467fec0fbb154bc97e8b63f9f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 18 Jun 2015 05:25:05 -0400
Subject: [PATCH] Upgrade: add scriptlet to add profile schema
---
base/server/share/conf/schema-certProfile.ldif | 9 ++++++
base/server/upgrade/10.2.5/02-AddProfileSchema | 45 ++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 base/server/share/conf/schema-certProfile.ldif
create mode 100644 base/server/upgrade/10.2.5/02-AddProfileSchema
diff --git a/base/server/share/conf/schema-certProfile.ldif b/base/server/share/conf/schema-certProfile.ldif
new file mode 100644
index 0000000000000000000000000000000000000000..44c79624abf34dcc41328b65e3cd57adebec5b04
--- /dev/null
+++ b/base/server/share/conf/schema-certProfile.ldif
@@ -0,0 +1,9 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( classId-oid NAME 'classId' DESC 'Certificate profile class ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( certProfileConfig-oid NAME 'certProfileConfig' DESC 'Certificate profile configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( certProfile-oid NAME 'certProfile' DESC 'Certificate profile' SUP top STRUCTURAL MUST cn MAY ( classId $ certProfileConfig ) X-ORIGIN 'user defined' )
+-
diff --git a/base/server/upgrade/10.2.5/02-AddProfileSchema b/base/server/upgrade/10.2.5/02-AddProfileSchema
new file mode 100644
index 0000000000000000000000000000000000000000..9fc8d12482b703d6587cec884b9d574d7d31a7ad
--- /dev/null
+++ b/base/server/upgrade/10.2.5/02-AddProfileSchema
@@ -0,0 +1,45 @@
+#!/usr/bin/python
+# Authors:
+# Fraser Tweedale
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2015 Red Hat, Inc.
+# All rights reserved.
+#
+
+import os
+import re
+import subprocess
+
+import pki.server.upgrade
+
+
+class AddProfileSchema(pki.server.upgrade.PKIServerUpgradeScriptlet):
+ def __init__(self):
+ super(AddProfileSchema, self).__init__()
+ self.message = 'Add LDAP schema for certificate profiles'
+
+ def upgrade_instance(self, instance):
+ password_conf = None
+ with open(os.path.join(instance.conf_dir, 'password.conf')) as f:
+ password_conf = f.read()
+ match = re.search(r'^internaldb=(.*)', password_conf, re.MULTILINE)
+ password = match.group(1)
+ subprocess.check_call([
+ 'ldapmodify',
+ '-D', 'cn=Directory Manager',
+ '-w', password,
+ '-f', '/usr/share/pki/server/conf/schema-certProfile.ldif'
+ ])
--
2.1.0
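Review bot: The Directory Manager password read from password.conf is handed to `ldapmodify` as a `-w` argument in `upgrade_instance`, so it sits in the process argument list where any local user can read it while the command runs. With the OpenLDAP client the password can instead be read from a file via `-y`, which takes the complete file contents as the password, so the file must be written without a trailing newline; the version below uses `tempfile.NamedTemporaryFile`, which needs `import tempfile` at the top of the script. The same lines also dereference `match` unchecked, so a password.conf without an `internaldb=` entry fails with an AttributeError rather than a clear upgrade error, and the guard below covers that. The command names no server (no `-H`), so it presumably relies on the client's default; it is worth confirming that this always targets the instance's own internal database.

```python
    def upgrade_instance(self, instance):
        # … unchanged: read password.conf into password_conf …
        match = re.search(r'^internaldb=(.*)', password_conf, re.MULTILINE)
        if match is None:
            raise Exception(
                'internaldb password not found in password.conf')
        # The temporary file is created with owner-only permissions and
        # removed on exit, which keeps the secret out of the argument list.
        with tempfile.NamedTemporaryFile(mode='w') as pw_file:
            pw_file.write(match.group(1))
            pw_file.flush()
            subprocess.check_call([
                'ldapmodify',
                '-D', 'cn=Directory Manager',
                '-y', pw_file.name,
                '-f', '/usr/share/pki/server/conf/schema-certProfile.ldif'
            ])
```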