Author: jsuchome Date: Wed May 23 10:06:23 2007 New Revision: 38093 URL: http://svn.opensuse.org/viewcvs/yast?rev=38093&view=rev Log: - added LDAPInitWithTLSCheck function to offer fallback to uncrypted connection when start_tls method failed (#246397) - save changed settings even if PAM is not set (#248181) - 2.15.8 Modified: trunk/ldap-client/VERSION trunk/ldap-client/package/yast2-ldap-client.changes trunk/ldap-client/src/Ldap.ycp trunk/ldap-client/src/LdapPopup.ycp trunk/ldap-client/src/ldap_browser.ycp Modified: trunk/ldap-client/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/VERSION?rev=38093&r1=38092&r2=38093&view=diff ============================================================================== --- trunk/ldap-client/VERSION (original) +++ trunk/ldap-client/VERSION Wed May 23 10:06:23 2007 @@ -1 +1 @@ -2.15.7 +2.15.8 Modified: trunk/ldap-client/package/yast2-ldap-client.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/package/yast2-ldap-client.changes?rev=38093&r1=38092&r2=38093&view=diff ============================================================================== --- trunk/ldap-client/package/yast2-ldap-client.changes (original) +++ trunk/ldap-client/package/yast2-ldap-client.changes Wed May 23 10:06:23 2007 
@@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Wed May 23 09:50:50 CEST 2007 - jsuchome@suse.cz + +- added LDAPInitWithTLSCheck function to offer fallback to uncrypted + connection when start_tls method failed (#246397) +- save changed settings even if PAM is not set (#248181) +- 2.15.8 + +------------------------------------------------------------------- Thu May 3 13:58:40 CEST 2007 - jsuchome@suse.cz - support minimal command line for ldap_browser (#269897) Modified: trunk/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/Ldap.ycp?rev=38093&r1=38092&r2=38093&view=diff ============================================================================== --- trunk/ldap-client/src/Ldap.ycp (original) +++ trunk/ldap-client/src/Ldap.ycp Wed May 23 10:06:23 2007 
@@ -883,6 +883,103 @@ } /** + * popup shown after failed connection: ask for retry withou TLS (see bug 246397) + * @return true if user wants to retry without TLS + */ + global define boolean ConnectWithoutTLS (map errmap) { + + UI::OpenDialog (`HBox(`HSpacing (0.5), + `VBox( + `VSpacing (0.5), + // label + `Left (`Heading (Label::ErrorMsg())), + // error message + `Left (`Label (_("Connection to the LDAP server cannot be established."))), + `ReplacePoint (`id(`rp), `Empty()), + `VSpacing (0.2), + `Left (`CheckBox (`id(`details), `opt (`notify), + // checkbox label + _("&Show Details"), false)), + `VSpacing (), + `Left (`Label ( + // question following error message (yes/no buttons follow) +_("A possible cause of the failed connection may be that your client is +configured for TLS/SSL but the server does not support it. + +Retry connection without TLS/SSL?"))), + `HBox ( + `PushButton (`id(`yes), `opt(`key_F10,`default), Label::YesButton()), + `PushButton (`id(`no),`opt(`key_F9), Label::NoButton()) + ) + ), + `HSpacing(0.5)) + ); + any ret = nil; + do + { + ret = UI::UserInput(); + if (ret == `details) + { + if ((boolean)UI::QueryWidget (`id(`details), `Value)) + UI::ReplaceWidget (`id(`rp), `VBox ( + `Label (errmap["msg"]:""))); + else + UI::ReplaceWidget (`id(`rp), `Empty()); + } + } + while (ret != `yes && ret != `no); + UI::CloseDialog (); + return ret == `yes; + } + + /** + * Initializes LDAP agent, offers to turn off TLS if it failed + * @args arguments to use for initializaton (if empty, uses the current values) + */ + global define string LDAPInitWithTLSCheck (map args) { + + string ret = ""; + if (args == $[]) + args = $[ + "hostname" : GetFirstServer (server), + "port" : GetFirstPort (server), + "version" : ldap_v2 ? 2 : 3, + "use_tls" : ldap_tls ? "yes" : "no" + ]; + boolean init = (boolean) SCR::Execute (.ldap, args); + // error message + string unknown = _("Unknown error. 
Perhaps 'yast2-ldap' is not available."); + if (init == nil) + { + ret = unknown; + } + else + { + if (!init) + { + map errmap = Ldap::LDAPErrorMap (); + if (ldap_tls && errmap["tls_error"]:false && ConnectWithoutTLS (errmap)) + { + args["use_tls"] = false; + init = (boolean) SCR::Execute (.ldap, args); + if (init == nil) + ret = unknown; + else if (!init) + ret = LDAPError(); + } + else + { + ret = errmap["msg"]:""; + if (errmap["server_msg"]:"" != "") + ret = sformat ("%1\n%2", ret, errmap["server_msg"]:""); + } + } + ldap_initialized = init; + } + return ret; + } + + /** * Binds to LDAP server * @param pass password */ @@ -2128,21 +2225,6 @@ WriteLdapConfEntry ("ssl", "no"); Pam::Set ("mkhomedir", mkhomedir); - } - if (start) // ldap used for authentocation - { - // ---------- correct pam_password value for Novell eDirectory - if (pam_password != "nds" && expert_ui) - { - if (!nds_checked && !Mode::autoinst ()) - { - CheckNDS (); - } - if (nds) - { - pam_password = "nds"; - } - } WriteLdapConfEntry ("pam_password", pam_password); @@ -2162,6 +2244,22 @@ (nss_base_shadow != "")? nss_base_shadow : user_base); WriteLdapConfEntry ("nss_base_group", (nss_base_group != "")? nss_base_group : user_base); + } + if (start) // ldap used for authentocation + { + // ---------- correct pam_password value for Novell eDirectory + if (pam_password != "nds" && expert_ui) + { + if (!nds_checked && !Mode::autoinst ()) + { + CheckNDS (); + } + if (nds) + { + pam_password = "nds"; + } + WriteLdapConfEntry ("pam_password", pam_password); + } // override LDAPNOINIT (#217701) WriteLdapConfEntry ("tls_checkpeer", "no"); Modified: trunk/ldap-client/src/LdapPopup.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/LdapPopup.ycp?rev=38093&r1=38092&r2=38093&view=diff ============================================================================== --- trunk/ldap-client/src/LdapPopup.ycp (original) +++ trunk/ldap-client/src/LdapPopup.ycp Wed May 23 10:06:23 2007 
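Review bot: In `LDAPInitWithTLSCheck` the retry drops StartTLS after a single click in `ConnectWithoutTLS`, where the `yes` PushButton carries the `default` option and the text only suggests that the server may lack TLS support. A party on the network path that interferes with the TLS handshake would presumably produce the same error, and the callers in this commit go straight on to `Ldap::LDAPBind (Ldap::bind_pass)`. Move the `default` option to the `no` button and add a sentence to the question saying that the password and directory data will then be sent unencrypted. The retry also sets `args["use_tls"] = false` while every other site passes the strings "yes"/"no"; how the agent treats a non-string value is not visible here, so `args["use_tls"] = "no";` is the safer spelling. The doc comment should use `@param args` instead of `@args` and gain an `@return` line stating that an empty string means success.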
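Review bot: In the relocated `if (start)` block (hunk at -2162), the added `WriteLdapConfEntry ("pam_password", pam_password);` sits directly in the `expert_ui` branch, so it runs even when `nds` is false. The same entry is already written by the context line kept in the preceding hunk, and the value only changes when `nds` is true, so placing the call inside `if (nds)` right after `pam_password = "nds";` would make the override explicit. The comment on the `if (start)` line reads "authentocation" and could be corrected while the block is moved. The trailing context writes `tls_checkpeer` as "no" whenever `start` is true, as far as this hunk shows; since that entry presumably controls server certificate checking for the PAM/NSS client, it deserves a why-comment beyond the bug number. The enclosing function starts and ends outside the hunk.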
@@ -187,10 +187,10 @@ "version" : Ldap::ldap_v2 ? 2 : 3, "use_tls" : Ldap::ldap_tls ? "yes" : "no" ]; - boolean init = (boolean) SCR::Execute (.ldap, args); - if (init == nil || !init) + string error = Ldap::LDAPInitWithTLSCheck (args); + if (error != "") { - Ldap::LDAPErrorMessage ("init", Ldap::LDAPError ()); + Ldap::LDAPErrorMessage ("init", error); return root_dn; } return BrowseTree (root_dn); Modified: trunk/ldap-client/src/ldap_browser.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/ldap_browser.ycp?rev=38093&r1=38092&r2=38093&view=diff ============================================================================== --- trunk/ldap-client/src/ldap_browser.ycp (original) +++ trunk/ldap-client/src/ldap_browser.ycp Wed May 23 10:06:23 2007 
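Review bot: The `args` map still built before this call (its first entries lie above the hunk) looks like a copy of the defaults that `LDAPInitWithTLSCheck` assembles itself when given an empty map. If the `hostname` and `port` entries match as well, `string error = Ldap::LDAPInitWithTLSCheck ($[]);` as used in ldap_browser.ycp would keep the connection parameters in one place. This popup also now inherits the retry-without-TLS question, which it did not show before. A comment above the call such as `// may fall back to an unencrypted connection after asking the user` would tell the next reader that the session returned here is not guaranteed to use TLS.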
@@ -89,55 +89,6 @@ return size (tmp_data) > 0; } - /** - * popup shown after failed connection: ask for retry withou TLS (see bug 246397) - * @return true if user wants to retry without TLS - */ - define boolean connect_without_tls (map errmap) { - - UI::OpenDialog (`HBox(`HSpacing (0.5), - `VBox( - `VSpacing (0.5), - // label - `Left (`Heading (Label::ErrorMsg())), - // error message - `Left (`Label (_("Connection to the LDAP server cannot be established."))), - `ReplacePoint (`id(`rp), `Empty()), - `VSpacing (0.2), - `Left (`CheckBox (`id(`details), `opt (`notify), - // checkbox label - _("&Show Details"), false)), - `VSpacing (), - `Left (`Label ( - // question following error message (yes/no buttons follow) -_("A possible cause of the failed connection may be that your client is -configured for TLS/SSL but the server does not support it. - -Retry connection without TLS/SSL?"))), - `HBox ( - `PushButton (`id(`yes), `opt(`key_F10,`default), Label::YesButton()), - `PushButton (`id(`no),`opt(`key_F9), Label::NoButton()) - ) - ), - `HSpacing(0.5)) - ); - any ret = nil; - do - { - ret = UI::UserInput(); - if (ret == `details) - { - if ((boolean)UI::QueryWidget (`id(`details), `Value)) - UI::ReplaceWidget (`id(`rp), `VBox ( - `Label (errmap["msg"]:""))); - else - UI::ReplaceWidget (`id(`rp), `Empty()); - } - } - while (ret != `yes && ret != `no); - UI::CloseDialog (); - return ret == `yes; - } // helper: create the value that should be shown instead of whole DN in tree define string show_dn (string dn) { 
@@ -367,31 +318,11 @@ Ldap::bind_pass = (string) UI::QueryWidget(`id(`pw), `Value); Ldap::SetAnonymous (ret == `anon); - string error = ""; - map args = $[ - "hostname" : Ldap::GetFirstServer (Ldap::server), - "port" : Ldap::GetFirstPort (Ldap::server), - "version" : Ldap::ldap_v2 ? 2 : 3, - "use_tls" : Ldap::ldap_tls ? "yes" : "no" - ]; - if (SCR::Execute (.ldap, args) != true) + string error = Ldap::LDAPInitWithTLSCheck ($[]); + if (error != "") { - map errmap = Ldap::LDAPErrorMap (); - if (Ldap::ldap_tls && errmap["tls_error"]:false && connect_without_tls (errmap)) - { - Ldap::ldap_tls = false; - error = Ldap::LDAPInit (); - if (error != "") - { - Ldap::LDAPErrorMessage ("init", error); - continue; - } - } - else - { - Ldap::LDAPErrorMessage ("init", errmap["msg"]:""); - continue; - } + Ldap::LDAPErrorMessage ("init", error); + continue; } error = Ldap::LDAPBind (Ldap::bind_pass); -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
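Review bot: The removed branch set `Ldap::ldap_tls = false` once the user accepted the retry, but `LDAPInitWithTLSCheck` only changes its local `args`. After a fallback `Ldap::ldap_tls` therefore still reports TLS, while `Ldap::LDAPBind (Ldap::bind_pass)` on the following line presumably binds with the password over a session that is no longer encrypted. If leaving the setting untouched is intended so that the downgrade is not persisted, say so here, e.g. `// ldap_tls is left unchanged: a fallback applies to this session only`; otherwise later code that consults `ldap_tls` cannot tell that encryption is off. The surrounding loop begins and ends outside the hunk.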