#!/usr/bin/env python
# @@@ START COPYRIGHT @@@
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# @@@ END COPYRIGHT @@@
### This script must be run on every node, as the trafodion user. ###
import json
import os
import sys

try:
    from shlex import quote as _shell_quote  # Python 3.3+
except ImportError:  # Python 2: shlex.quote does not exist yet
    from pipes import quote as _shell_quote

from common import run_cmd, mod_file, err
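def run():
    """Set up LDAP authentication for Trafodion on this node.

    Reads the installer configuration from the module-level ``dbcfgs_json``
    string (a JSON object; keys used here: db_root_user, ldap_hosts,
    ldap_identifiers, ldap_port, ldap_encrypt, ldap_certpath, ldap_user,
    ldap_pwd), renders ``$TRAF_HOME/sql/scripts/.traf_authentication_config``
    from its template, validates it with ``ldapconfigcheck``, looks up the
    DB root user with ``ldapcheck`` and finally switches
    TRAFODION_ENABLE_AUTHENTICATION to YES in ``$TRAF_HOME/sqenvcom.sh``.

    All external commands go through ``run_cmd`` as a single shell string, so
    every interpolated value is shell-quoted here; the config values come
    from the installer and must not be able to alter the command line.

    Raises:
        KeyError: if TRAF_HOME is unset or a required config key is missing.
        ValueError: if ``dbcfgs_json`` is not valid JSON.
    """
    dbcfgs = json.loads(dbcfgs_json)
    db_root_user = dbcfgs['db_root_user']
    traf_home = os.environ['TRAF_HOME']
    sqenv_file = traf_home + '/sqenvcom.sh'
    traf_auth_config = '%s/sql/scripts/.traf_authentication_config' % traf_home
    traf_auth_template = '%s/sql/scripts/traf_authentication_config' % traf_home

    # One "LDAPHostName:" line per comma-separated host.  Whitespace around
    # the separators ("h1, h2") is dropped so it cannot leak into the file.
    # The whole multi-line run replaces the template's LDAPHostName line.
    ldap_hostname = '\n'.join(
        'LDAPHostName:%s' % host.strip()
        for host in dbcfgs['ldap_hosts'].split(','))
    # Likewise one "UniqueIdentifier:" line per ';'-separated identifier.
    unique_identifier = '\n'.join(
        'UniqueIdentifier:%s' % ident.strip()
        for ident in dbcfgs['ldap_identifiers'].split(';'))

    # Keys are patterns matched against the template (the ".*" swallows the
    # rest of the line); values are the replacement lines.
    # NOTE(review): if mod_file performs the substitution with re.sub, a
    # password containing backslashes or "\g<" would be mangled -- confirm
    # in common.py before relying on arbitrary bind passwords.
    change_items = {
        'LDAPHostName:.*': ldap_hostname,
        'LDAPPort:.*': 'LDAPPort:%s' % dbcfgs['ldap_port'],
        'UniqueIdentifier:.*': unique_identifier,
        'LDAPSSL:.*': 'LDAPSSL:%s' % dbcfgs['ldap_encrypt'],
        'TLS_CACERTFilename:.*': 'TLS_CACERTFilename:%s' % dbcfgs['ldap_certpath'],
        'LDAPSearchDN:.*': 'LDAPSearchDN:%s' % dbcfgs['ldap_user'],
        # The LDAP bind password is written to the config file in clear text.
        'LDAPSearchPwd:.*': 'LDAPSearchPwd:%s' % dbcfgs['ldap_pwd'],
    }

    print('Modify authentication config file')
    # Always start from a fresh copy of the template so re-runs are clean.
    run_cmd('cp %s %s' % (_shell_quote(traf_auth_template),
                          _shell_quote(traf_auth_config)))
    mod_file(traf_auth_config, change_items)
    # The rendered file now holds the bind password: a plain "cp" leaves it
    # with the template's (typically world-readable) mode, so restrict it to
    # the owner (this script runs as the trafodion user).
    os.chmod(traf_auth_config, 0o600)

    print('Check LDAP Configuration file for errors')
    run_cmd('ldapconfigcheck -file %s' % _shell_quote(traf_auth_config))

    print('Verify that LDAP user %s exists' % db_root_user)
    # The output of ldapcheck is not inspected (the upstream check for
    # "Authentication successful" was disabled); a failing exit status is the
    # only signal, and only if run_cmd aborts on one -- confirm in common.py.
    run_cmd('ldapcheck --verbose --username=%s' % _shell_quote(db_root_user))

    print('Modify sqenvcom.sh to turn on authentication')
    mod_file(sqenv_file, {
        'TRAFODION_ENABLE_AUTHENTICATION=.*': 'TRAFODION_ENABLE_AUTHENTICATION=YES',
    })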
# main
# The entire installer config -- including the LDAP bind password consumed
# by run() -- arrives as one JSON string in argv[1], so it is visible in the
# process list (ps, /proc/*/cmdline) for as long as this script runs.
if len(sys.argv) > 1:
    dbcfgs_json = sys.argv[1]
else:
    err('No db config found')
run()