Author: jsuchome Date: Wed Mar 23 08:47:34 2011 New Revision: 63626 URL: http://svn.opensuse.org/viewcvs/yast?rev=63626&view=rev Log: - remove 'ldap' from nsswitch.conf when sssd is configured (bnc#681818) - remove ldap and ldap-account_only PAM modules when sssd is set - 2.21.3 Modified: trunk/ldap-client/VERSION trunk/ldap-client/package/yast2-ldap-client.changes trunk/ldap-client/src/Ldap.ycp Modified: trunk/ldap-client/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/VERSION?rev=63626&r1=63625&r2=63626&view=diff ============================================================================== --- trunk/ldap-client/VERSION (original) +++ trunk/ldap-client/VERSION Wed Mar 23 08:47:34 2011 @@ -1 +1 @@ -2.21.2 +2.21.3 Modified: trunk/ldap-client/package/yast2-ldap-client.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/package/yast2-ldap-client.changes?rev=63626&r1=63625&r2=63626&view=diff ============================================================================== --- trunk/ldap-client/package/yast2-ldap-client.changes (original) +++ trunk/ldap-client/package/yast2-ldap-client.changes Wed Mar 23 08:47:34 2011 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Wed Mar 23 08:45:31 CET 2011 - jsuchome@suse.cz + +- remove 'ldap' from nsswitch.conf when sssd is configured + (bnc#681818) +- remove ldap and ldap-account_only PAM modules when sssd is set +- 2.21.3 + +------------------------------------------------------------------- Fri Mar 18 15:29:33 CET 2011 - jsuchome@suse.cz - added command line options for SSSD (bnc#680848) Modified: trunk/ldap-client/src/Ldap.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/Ldap.ycp?rev=63626&r1=63625&r2=63626&view=diff ============================================================================== --- trunk/ldap-client/src/Ldap.ycp (original) +++ trunk/ldap-client/src/Ldap.ycp Wed Mar 23 08:47:34 2011 @@ -2648,15 +2648,36 @@ { Pam::Add ("sss"); // Add "sss" to the passwd and group databases in nsswitch.conf - Nsswitch::WriteDb ("passwd", (list<string>) - union (nsswitch["passwd"]:[], ["sss"])); - Nsswitch::WriteDb ("group", (list<string>) - union (nsswitch["group"]:[], ["sss"])); + + foreach (string db, [ "passwd", "group" ], { + // replace 'ldap' with sss + nsswitch [db] = filter ( + string v, nsswitch[db]:[], ``(v != "ldap")); + nsswitch [db] = union (nsswitch[db]:[], ["sss"]); + Nsswitch::WriteDb (db, nsswitch[db]:["sss"]); + + // remove 'ldap' from _compat entries + string new_db = db+"_compat"; + nsswitch [new_db] = filter ( + string v, nsswitch[new_db]:[], ``(v != "ldap")); + Nsswitch::WriteDb (new_db, nsswitch[new_db]:[]); + }); + // remove ldap entries from ldap-only db's + foreach (string db, ["services" ,"netgroup", "aliases" ], { + list<string> db_l = (list<string>) filter ( + string v, Nsswitch::ReadDb (db), ``(v != "ldap")); + if (db_l == []) + db_l = ["files"]; + Nsswitch::WriteDb (db, db_l); + }); + if (Pam::Enabled("krb5")) { y2milestone ("configuring 'sss', so 'krb5' will be removed"); + Pam::Remove ("ldap-account_only"); Pam::Remove ("krb5"); } + Pam::Remove ("ldap"); } else { @@ -2705,7 +2726,6 @@ } else if (!oes) // ldap is not used { - //TODO: first check, if nss needs to be updated... foreach (string db, [ "passwd", "group" ], ``{ string new_db = db+"_compat"; nsswitch [db] = filter ( -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org