[Bug 729174] New: "yast2 kerberos" and "yast2 ldap" do not generate valid sssd.conf for multiple servers
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c0 Summary: "yast2 kerberos" and "yast2 ldap" do not generate valid sssd.conf for multiple servers Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: All OS/Version: openSUSE 11.4 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: volker.maibaum@eberspaecher.com QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 It is possible to set multiple ldap server in "yast2 ldap" seperated by spaces e.g.: Addresses of LDAP Servers: ldapserver1 ldapserver2 Yast generates the following statement in /etc/ldap.conf: uri ldap://ldapserver1 ldap://ldapserver2 Yast also generates the following statement in /etc/sssd/sssd.conf: ldap_uri ldap://ldapserver1 --> This is wrong, because the second ldap server is missing. ldap_uri should be as followed: ldap_uri ldap://ldapserver1, ldap://ldapserver2 A similar error, but even worse, is produces by "yast2 kerberos". I can specify multiple kdc server seperated by spaces. E.g.: KDC Server Address: kdcserver1 kdcserver2 Yast generates the following statements in krb5.conf: MY.REALM = { [...] kdc = kdcserver1 kdc = kdcserver2 [...] } Yast also generates the following statements in sssd.conf krb5_kdcip = kdcserver1 kdcserver2 This statement is invalid an produces errors like this: (Wed Nov 9 10:38:49 2011) [sssd[be[default]]] [be_resolve_server_done] (6): Couldn't resolve server (kdcserver1 kdcserver2), resolver returned (4) Yast should generate the following statement in sssd.conf krb5_kdcip = kdcserver1, kdcserver2 Reproducible: Always Steps to Reproduce: 1. Configure multiple ldap servers with "yast2 ldap" 2. Configure multiple kerberos servers with "yast2 kerberos" 3. Actual Results: Invalid/incomplete statements in /etc/sssd/sssd.conf Expected Results: Yast2 should have generated valid entries in sssd.conf as described above -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c zj jia <zjjia@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zjjia@suse.com AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c Martin Vidner <mvidner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|yast2-maintainers@suse.de |jsuchome@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c2 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:44203:low --- Comment #2 from Swamp Workflow Management <swamp@suse.de> 2011-11-15 18:52:17 UTC --- The SWAMPID for this issue is 44203. This issue was rated as low. Please submit fixed packages until 2011-12-13. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/44203 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c4 --- Comment #4 from Jiří Suchomel <jsuchome@suse.com> 2011-11-16 13:11:41 UTC --- Created an attachment (id=462367) --> (http://bugzilla.novell.com/attachment.cgi?id=462367) patch for /usr/share/YaST2/modules/Ldap.ycp -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c5 --- Comment #5 from Jiří Suchomel <jsuchome@suse.com> 2011-11-16 13:12:28 UTC --- Created an attachment (id=462368) --> (http://bugzilla.novell.com/attachment.cgi?id=462368) patch for /usr/share/YaST2/modules/Kerberos.ycp -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c6 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO CC| |rhafer@suse.com InfoProvider| |volker.maibaum@eberspaecher | |.com --- Comment #6 from Jiří Suchomel <jsuchome@suse.com> 2011-11-16 13:13:40 UTC --- Volker, could you plese patch your /usr/share/YaST2/modules/Ldap.ycp and /usr/share/YaST2/modules/Kerberos.ycp, run 'ycpc -c /usr/share/YaST2/modules/Ldap.ycp' 'ycpc -c /usr/share/YaST2/modules/Kerberos.ycp' and try again, if it fixes your issues? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c7 --- Comment #7 from Volker Maibaum <volker.maibaum@eberspaecher.com> 2011-11-16 13:38:11 UTC --- I patched the files and tried again. The ldap_uri is now created correct. The krb5_kdcip still doesn't contain the kdcs seperated by comma. This is what I did: hostname:/tmp/patch_yast # patch -b /usr/share/YaST2/modules/Ldap.ycp bug-729174_Ldap.diff patching file /usr/share/YaST2/modules/Ldap.ycp Hunk #1 succeeded at 581 (offset -25 lines). Hunk #2 succeeded at 2110 with fuzz 1 (offset -128 lines). hostname:/tmp/patch_yast # patch -b /usr/share/YaST2/modules/Kerberos.ycp bug-729174_Kerberos.diff patching file /usr/share/YaST2/modules/Kerberos.ycp Hunk #1 succeeded at 495 (offset -8 lines). hostname:/tmp/patch_yast # ycpc -c /usr/share/YaST2/modules/Ldap.ycp compiling to '/usr/share/YaST2/modules/Ldap.ybc' parsing '/usr/share/YaST2/modules/Ldap.ycp' ldap/routines.ycp:15 [Parser] Warning: Ignoring self-import modules/Ldap.ycp:986 [Parser] Warning: Format string is not constant, no parameter checking possible modules/Ldap.ycp:987 [Parser] Warning: Format string is not constant, no parameter checking possible done saving ... hostname:/tmp/patch_yast # ycpc -c /usr/share/YaST2/modules/Kerberos.ycp compiling to '/usr/share/YaST2/modules/Kerberos.ybc' parsing '/usr/share/YaST2/modules/Kerberos.ycp' modules/Kerberos.ycp:737 [Parser] Warning: Definition shadows global symbol modules/Kerberos.ycp:737 [Parser] Warning: 'packages' defined in /usr/share/YaST2/modules/Kerberos.ycp:85. done saving ... yast2 ldap: - Addresses of LDAP Servers: ldap1 ldap2 --> sssd.conf ldap_uri = ldap://ldap1,ldap://ldap2 # OK yast2 kerberos: - KDC Server Address: kdc1 kdc2 --> sssd.conf krb5_kdcip = kdc1 kdc2 # NOT OK -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c8 --- Comment #8 from Volker Maibaum <volker.maibaum@eberspaecher.com> 2011-11-16 13:50:48 UTC --- I think you modified the kdc string but output the original string // divide by commas: krb5_kdcip = kdcserver1, kdcserver2 (bnc#729174) string krb5_kdcip = mergestring (splitstring (kdc, " "), ","); SCR::Write (add (domain, "krb5_kdcip"), kdc); probably shoud read ? // divide by commas: krb5_kdcip = kdcserver1, kdcserver2 (bnc#729174) string krb5_kdcip = mergestring (splitstring (kdc, " "), ","); SCR::Write (add (domain, "krb5_kdcip"), krb5_kdcip); -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c9 --- Comment #9 from Volker Maibaum <volker.maibaum@eberspaecher.com> 2011-11-16 14:00:52 UTC --- With the following patch it works: --- Kerberos.ycp.orig_sav 2011-11-16 14:51:28.846535755 +0100 +++ Kerberos.ycp 2011-11-16 14:55:43.976778275 +0100 @@ -495,7 +495,9 @@ SCR::Write (add (domain, "auth_provider"), "krb5"); SCR::Write (add (domain, "chpass_provider"), "krb5"); SCR::Write (add (domain, "krb5_realm"), default_realm); - SCR::Write (add (domain, "krb5_kdcip"), kdc); + // divide by commas: krb5_kdcip = kdcserver1, kdcserver2 (bnc#729174) + string krb5_kdcip = mergestring (splitstring (kdc, " "), ","); + SCR::Write (add (domain, "krb5_kdcip"), krb5_kdcip); if (!SCR::Write(.etc.sssd_conf, nil)) { y2error ("error writing ldap.conf file"); -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c10 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|volker.maibaum@eberspaecher | |.com | --- Comment #10 from Jiří Suchomel <jsuchome@suse.com> 2011-11-16 14:03:58 UTC --- (In reply to comment #8)
I think you modified the kdc string but output the original string
Yes, exactly :-) Thanks for noticing. Now I'll prepare the update. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-11-16 16:00:11 CET --- This is an autogenerated message for OBS integration: This bug (729174) was mentioned in https://build.opensuse.org/request/show/91815 Factory / yast2-ldap-client https://build.opensuse.org/request/show/91817 Factory / yast2-kerberos-client -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c14 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #14 from Jiří Suchomel <jsuchome@suse.com> 2011-11-16 16:32:57 UTC --- Submitted to Factory openSUSE:11.4:Update:Test openSUSE:12.1:Update:Test SUSE:SLE-11-SP2:GA -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c15 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:44203:low |maint:running:44203:low | |maint:released:11.4:44209 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> 2011-11-23 10:32:37 UTC --- Update released for: yast2-kerberos-client, yast2-ldap-client Products: openSUSE 11.4 (i586) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=729174 https://bugzilla.novell.com/show_bug.cgi?id=729174#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:44203:low |maint:released:11.4:44209 |maint:released:11.4:44209 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com