Mailinglist Archive: opensuse-commit (861 mails)

< Previous Next >
commit yast2-ldap-client for openSUSE:Factory

Hello community,

here is the log from the commit of package yast2-ldap-client for
openSUSE:Factory
checked in at Fri Jan 14 01:54:09 CET 2011.



--------
--- yast2-ldap-client/yast2-ldap-client.changes 2011-01-07 12:59:29.000000000
+0100
+++ yast2-ldap-client/yast2-ldap-client.changes 2011-01-13 11:40:59.000000000
+0100
@@ -1,0 +2,13 @@
+Thu Jan 13 11:37:48 CET 2011 - jsuchome@xxxxxxx
+
+- pass certificate data to .ldap agent (bnc#662949)
+- 2.20.6
+
+-------------------------------------------------------------------
+Wed Jan 12 12:58:31 CET 2011 - jsuchome@xxxxxxx
+
+- write uri instead of just host name to ldap.conf and sssd.conf
+ (bnc#663012)
+- 2.20.5
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


Old:
----
yast2-ldap-client-2.20.4.tar.bz2

New:
----
yast2-ldap-client-2.20.6.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-ldap-client.spec ++++++
--- /var/tmp/diff_new_pack.d9BKqC/_old 2011-01-14 01:51:38.000000000 +0100
+++ /var/tmp/diff_new_pack.d9BKqC/_new 2011-01-14 01:51:38.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-ldap-client (Version 2.20.4)
+# spec file for package yast2-ldap-client (Version 2.20.6)
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -19,11 +19,11 @@


Name: yast2-ldap-client
-Version: 2.20.4
+Version: 2.20.6
Release: 1

BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-ldap-client-2.20.4.tar.bz2
+Source0: yast2-ldap-client-2.20.6.tar.bz2

Prefix: /usr

@@ -57,7 +57,7 @@
OpenLDAP server will be used for user authentication.

%prep
-%setup -n yast2-ldap-client-2.20.4
+%setup -n yast2-ldap-client-2.20.6

%build
%{prefix}/bin/y2tool y2autoconf

++++++ yast2-ldap-client-2.20.4.tar.bz2 -> yast2-ldap-client-2.20.6.tar.bz2
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/VERSION
new/yast2-ldap-client-2.20.6/VERSION
--- old/yast2-ldap-client-2.20.4/VERSION 2011-01-07 12:58:11.000000000
+0100
+++ new/yast2-ldap-client-2.20.6/VERSION 2011-01-13 11:38:24.000000000
+0100
@@ -1 +1 @@
-2.20.4
+2.20.6
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/Ldap.ycp
new/yast2-ldap-client-2.20.6/src/Ldap.ycp
--- old/yast2-ldap-client-2.20.4/src/Ldap.ycp 2011-01-07 12:57:30.000000000
+0100
+++ new/yast2-ldap-client-2.20.6/src/Ldap.ycp 2011-01-13 11:36:42.000000000
+0100
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk <kukuk@xxxxxxx>
* Anas Nashif <nashif@xxxxxxx>
*
- * $Id: Ldap.ycp 63115 2011-01-06 14:17:50Z jsuchome $
+ * $Id: Ldap.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/

{
@@ -32,6 +32,7 @@
import "Stage";
import "String";
import "Summary";
+ import "URL";

/**
* show popups with error messages?
@@ -643,6 +644,35 @@
return oes;
}

+ // convert list of uri's to list of hosts
+ string uri2servers (string uri) {
+ return mergestring (maplist (string u, splitstring (uri, " \t"), {
+ map url = URL::Parse (u);
+ string h = url["host"]:"";
+ if (url["port"]:"" != "")
+ h = sformat ("%1:%2", h, url["port"]:"");
+ return h;
+ }), " ");
+ }
+
+ /**
+ * Read values of LDAP hosts from ldap.conf
+ * get them from 'uri' or 'host' values
+ */
+ global string ReadLdapHosts () {
+ string ret = "";
+ string uri = ReadLdapConfEntry ("uri", "");
+ if (uri == "")
+ {
+ ret = ReadLdapConfEntry ("host", "");
+ }
+ else
+ {
+ ret = uri2servers (uri);
+ }
+ return ret;
+ }
+
/**
* Reads LDAP settings from the SCR
* @return success
@@ -689,7 +719,8 @@
size (nsswitch["passwd_compat"]:[]) == 0));
nis_available = nis_available && (Service::Status ("ypbind") == 0);

- server = ReadLdapConfEntry ("host", "");
+ server = ReadLdapHosts ();
+
base_dn = ReadLdapConfEntry ("base", "");

old_base_dn = base_dn;
@@ -975,7 +1006,7 @@
if (bind_pass == nil && servers == "")
{
y2milestone ("--- server not read yet or empty, reading now");
- servers = ReadLdapConfEntry ("host", "");
+ servers = ReadLdapHosts ();
}

list l_servers = splitstring (servers, " \t");
@@ -989,7 +1020,7 @@
if (bind_pass == nil && servers == "")
{
y2milestone ("--- server not read yet or empty, reading now");
- servers = ReadLdapConfEntry ("host", "");
+ servers = ReadLdapHosts ();
}

list l_servers = splitstring (servers, " \t");
@@ -1013,7 +1044,9 @@
"hostname": GetFirstServer (server),
"port": GetFirstPort (server),
"version": ldap_v2 ? 2 : 3,
- "use_tls": ldap_tls ? "yes" : "no"
+ "use_tls": ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
];
boolean init = (boolean) SCR::Execute (.ldap, args);
if (init == nil)
@@ -1095,7 +1128,9 @@
"hostname" : GetFirstServer (server),
"port" : GetFirstPort (server),
"version" : ldap_v2 ? 2 : 3,
- "use_tls" : ldap_tls ? "yes" : "no"
+ "use_tls" : ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
];
boolean init = (boolean) SCR::Execute (.ldap, args);
// error message
@@ -1112,7 +1147,7 @@
if (args["use_tls"]:"" == "yes" &&
errmap["tls_error"]:false && ConnectWithoutTLS (errmap))
{
- args["use_tls"] = false;
+ args["use_tls"] = "no";
init = (boolean) SCR::Execute (.ldap, args);
if (init == nil)
ret = unknown;
@@ -1908,8 +1943,23 @@
map out = (map)SCR::Execute(.target.bash_output,
"/bin/rpm -V openldap2-client");

- list open_host = (list) SCR::Read
- (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host);
+ list open_host = [];
+ list open_uri = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".uri);
+ if (open_uri == [])
+ {
+ open_uri = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".URI);
+ }
+ if (open_uri == [])
+ {
+ open_host = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host);
+ }
+ else
+ {
+ open_host = [ uri2servers (open_uri[0]:"")];
+ }
list open_base = (list) SCR::Read
(.etc.ldap_conf.v."/etc/openldap/ldap.conf".base);

@@ -1925,8 +1975,16 @@
if (write_openldap_conf)
{
// update ldap.conf
- SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host,
- [server]);
+ SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host, nil);
+
+ string uri = mergestring (
+ maplist (string u, splitstring (server, " \t"), {
+ return "ldap://"; + u;
+ }), " ");
+
+ SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".uri,
+ [uri]);
+
SCR::Write(.etc.ldap_conf.v."/etc/openldap/ldap.conf".base,
[base_dn]);

@@ -1970,7 +2028,7 @@

path domain = add (.etc.sssd_conf.v, "domain/default");

- string uri = sformat ("ldap%1://%2", ldap_tls ? "s" : "",
String::FirstChunk (server, " \t"));
+ string uri = sformat ("ldap://%1";, String::FirstChunk (server, "
\t"));
SCR::Write (add (domain, "ldap_uri"), uri);
SCR::Write (add (domain, "ldap_search_base"), base_dn);
SCR::Write (add (domain, "ldap_schema"), "rfc2307bis");
@@ -2433,7 +2491,12 @@
if (modified)
{
// update ldap.conf
- WriteLdapConfEntry ("host", server);
+ WriteLdapConfEntry ("host", nil);
+ string uri = mergestring (
+ maplist (string u, splitstring (server, " \t"), {
+ return "ldap://"; + u;
+ }), " ");
+ WriteLdapConfEntry ("uri", uri);
WriteLdapConfEntry ("base", base_dn);

if (member_attribute != old_member_attribute)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/LdapPopup.ycp
new/yast2-ldap-client-2.20.6/src/LdapPopup.ycp
--- old/yast2-ldap-client-2.20.4/src/LdapPopup.ycp 2010-08-18
12:35:33.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/src/LdapPopup.ycp 2011-01-13
11:36:57.000000000 +0100
@@ -189,7 +189,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
];
string error = Ldap::LDAPInitWithTLSCheck (args);
if (error != "")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/ui.ycp
new/yast2-ldap-client-2.20.6/src/ui.ycp
--- old/yast2-ldap-client-2.20.4/src/ui.ycp 2011-01-07 12:53:16.000000000
+0100
+++ new/yast2-ldap-client-2.20.6/src/ui.ycp 2011-01-13 11:34:05.000000000
+0100
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk <kukuk@xxxxxxx>
* Anas Nashif <nashif@xxxxxxx>
*
- * $Id: ui.ycp 62970 2010-12-07 15:45:14Z jsuchome $
+ * $Id: ui.ycp 63173 2011-01-12 15:57:26Z jsuchome $
*
* All user interface functions.
*/
@@ -332,6 +332,8 @@
UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " ");
UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls);
UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd);
+ // do not alow to turn off TLS when SSSD is used
+ UI::ChangeWidget (`id (`ldaps), `Enabled, !Ldap::sssd);

symbol result = `not_next;
do {
@@ -372,7 +374,9 @@
"hostname" : Ldap::GetFirstServer (server),
"port" : Ldap::GetFirstPort (server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : ldap_tls ? "yes" : "no"
+ "use_tls" : ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
]);
if (dn != "")
UI::ChangeWidget (`id(`ldapbasedn), `Value, dn);
@@ -759,7 +763,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
])
)
{
@@ -1055,7 +1061,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
]);
if (dn != "")
{
@@ -1130,7 +1138,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
]);
if (suf != "")
UI::ReplaceWidget (`id (`rp_suf), `HBox (
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Export.out
new/yast2-ldap-client-2.20.6/testsuite/tests/Export.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Export.out 2010-12-07
15:59:18.000000000 +0100
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Export.out 2011-01-12
13:01:52.000000000 +0100
@@ -1,4 +1,5 @@
Dump ==== reading... ============================
+Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" nil
Read .etc.ldap_conf.v."/etc/ldap.conf"."host" "localhost"
Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
Read .etc.ldap_conf.v."/etc/ldap.conf"."ldap_version" nil
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Export.ycp
new/yast2-ldap-client-2.20.6/testsuite/tests/Export.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Export.ycp 2010-08-18
12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Export.ycp 2011-01-12
13:19:06.000000000 +0100
@@ -2,7 +2,7 @@
* Read.ycp
* Test of Ldap:Read function
* Author: Jiri Suchomel <jsuchome@xxxxxxx>
- * $Id: Export.ycp 62146 2010-06-23 11:22:59Z jsuchome $
+ * $Id: Export.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/

{
@@ -31,7 +31,8 @@
"pam_password": "crypt",
"tls_cacertdir" : "/etc/openldap/cacerts/",
"tls_cacertfile": nil,
- "tls_checkpeer" : nil
+ "tls_checkpeer" : nil,
+ "uri" : nil
]
]
],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.out
new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.out 2010-08-18
12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.out 2011-01-13
11:40:08.000000000 +0100
@@ -1,16 +1,16 @@
Dump ==== init (one server, no port set) ==============
Dump ==== value of server: "localhost"
-Execute .ldap $["hostname":"localhost", "port":389, "use_tls":"no",
"version":3] true
+Execute .ldap $["cacertdir":"", "cacertfile":"",
"hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
Return
Dump ==== init (one server, nonsence port set) ========
Dump ==== value of server: "localhost:sdgfd#$"
-Execute .ldap $["hostname":"localhost", "port":389, "use_tls":"no",
"version":3] true
+Execute .ldap $["cacertdir":"", "cacertfile":"",
"hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
Return
Dump ==== init (more servers set, TLS used) ===========
Dump ==== value of server: "chimera.suse.cz:333 localhost"
-Execute .ldap $["hostname":"chimera.suse.cz", "port":333,
"use_tls":"yes", "version":2] true
+Execute .ldap $["cacertdir":"/etc/ssl/certs", "cacertfile":"",
"hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] true
Return
Dump ==== init failed =================================
-Execute .ldap $["hostname":"chimera.suse.cz", "port":333,
"use_tls":"yes", "version":2] false
+Execute .ldap $["cacertdir":"/etc/ssl/certs", "cacertfile":"",
"hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] false
Read .ldap.error $["code":11, "msg":"Initialization failed"]
Return Initialization failed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.ycp
new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.ycp 2010-08-18
12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.ycp 2011-01-13
11:39:40.000000000 +0100
@@ -49,6 +49,7 @@
Ldap::server = "chimera.suse.cz:333 localhost";
Ldap::ldap_v2 = true;
Ldap::ldap_tls = true;
+ Ldap::tls_cacertdir = "/etc/ssl/certs";

DUMP (sformat ("==== value of server: \"%1\"", Ldap::server));

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Read.out
new/yast2-ldap-client-2.20.6/testsuite/tests/Read.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Read.out 2010-08-18
12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Read.out 2011-01-12
13:03:14.000000000 +0100
@@ -1,5 +1,5 @@
Dump ==== reading... ============================
-Read .etc.ldap_conf.v."/etc/ldap.conf"."host" "localhost"
+Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333";
Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
Read .etc.ldap_conf.v."/etc/ldap.conf"."ldap_version" nil
Read .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil
@@ -22,3 +22,4 @@
Dump nsswitch: -$["group":["compat"], "group_compat":["ldap"],
"passwd":["compat"], "passwd_compat":["ldap"]]-
Dump base config DN: --
Dump bind DN: -uid=manager,dc=suse,dc=cz-
+Dump server: -localhost:333-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Read.ycp
new/yast2-ldap-client-2.20.6/testsuite/tests/Read.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Read.ycp 2010-08-18
12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Read.ycp 2011-01-12
13:19:06.000000000 +0100
@@ -2,7 +2,7 @@
* Read.ycp
* Test of Ldap:Read function
* Author: Jiri Suchomel <jsuchome@xxxxxxx>
- * $Id: Read.ycp 61773 2010-04-20 09:54:37Z jsuchome $
+ * $Id: Read.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/

{
@@ -31,7 +31,8 @@
"pam_password": "crypt",
"tls_cacertdir" : "/etc/openldap/cacerts/",
"tls_cacertfile": nil,
- "tls_checkpeer" : "no"
+ "tls_checkpeer" : "no",
+ "uri" : "ldap://localhost:333";
]
]
],
@@ -102,4 +103,6 @@
DUMP ( sformat ("base config DN: -%1-", Ldap::base_config_dn) );

DUMP ( sformat ("bind DN: -%1-", Ldap::bind_dn) );
+
+ DUMP ( sformat ("server: -%1-", Ldap::server) );
}


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread