[Bug 607519] New: <tls_checkpeer> in <ldap> section doesn't modify the option in ldap.conf
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c0 Summary: <tls_checkpeer> in <ldap> section doesn't modify the option in ldap.conf Classification: openSUSE Product: openSUSE 11.3 Version: Milestone 6 Platform: x86-64 OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: AutoYaST AssignedTo: ug@novell.com ReportedBy: grok@warwick.ac.uk QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1 Firefox/3.5.9 Adding <tls_checkpeer>no</tls_checkpeer> in the <ldap> section doesn't produce expected results Reproducible: Always Steps to Reproduce: 1. xml profile with (any) ldap settings, no certificate 2. <tls_checkpeer>no</tls_checkpeer> added inside <ldap\> 3. install Actual Results: /etc/ldap.conf contains the following line: # tls_checkpeer yes Expected Results: /etc/ldap.conf should contain: tls_checkpeer no Also tried with <tls_checkpeer config:type="boolean">false</tls_checkpeer>, no luck. This option is undocumented but managed to dig it out on the mailing list. Unsure if I'm using it probably, may be a PICNIC. If that's the case, sorry. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c Uwe Gansert <ug@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rhafer@novell.com, | |ug@novell.com AssignedTo|ug@novell.com |jsuchome@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c1 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |grok@warwick.ac.uk --- Comment #1 from Jiří Suchomel <jsuchome@novell.com> 2010-05-20 14:49:42 UTC --- Could you please attach your profile? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c2 Jaroslaw Zachwieja <grok@warwick.ac.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|grok@warwick.ac.uk | --- Comment #2 from Jaroslaw Zachwieja <grok@warwick.ac.uk> 2010-05-20 15:17:31 UTC --- <ldap> <base_config_dn>ou=ldapconfig,o=Example</base_config_dn> <bind_dn></bind_dn> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <tls_checkpeer>no</tls_checkpeer> <ldap_domain>dc=csc,o=Example</ldap_domain> <ldap_server>ldap.example.com</ldap_server> <ldap_tls config:type="boolean">true</ldap_tls> <ldap_v2 config:type="boolean">false</ldap_v2> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <nss_base_group>ou=Groups,o=Example</nss_base_group> <nss_base_passwd>ou=People,o=Example</nss_base_passwd> <nss_base_shadow>ou=People,o=Example</nss_base_shadow> <pam_password>exop</pam_password> <start_autofs config:type="boolean">false</start_autofs> <start_ldap config:type="boolean">true</start_ldap> </ldap> Hope that's enough and you don't need the entire autoinst. If I edit /etc/ldap.conf and add 'tls_checkpeer no', the authentication works as expected. So it's just the autoyast switch that I believe doesn't work. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c3 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |grok@warwick.ac.uk --- Comment #3 from Jiří Suchomel <jsuchome@novell.com> 2010-05-21 10:44:41 UTC --- I have used your profile snippet and after writing, I have tls_checkpeer set correctly to "no". Are you able to reproduce it when you just run (on installed system) yast2 ayast_setup setup filename=<path_to_your_profile> If so, please attach yast2 logs from that attempt. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c4 --- Comment #4 from Jaroslaw Zachwieja <grok@warwick.ac.uk> 2010-05-21 11:44:53 UTC --- when I run this command, I get: sbin/yast2: line 399: 9113 Segmentation fault $ybindir/y2base $module "$@" "$SELECTED_GUI" $Y2_GEOMETRY $Y2UI_ARGS I'll run full reinstall and get back to you. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c5 --- Comment #5 from Jaroslaw Zachwieja <grok@warwick.ac.uk> 2010-05-21 12:33:04 UTC --- Created an attachment (id=363793) --> (http://bugzilla.novell.com/attachment.cgi?id=363793) Segfault screenshot With that <ldap> section, I'm getting the install aborted with a segfault. I'll try without <tls_checkpeer> to see if it's related. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c6 --- Comment #6 from Jiří Suchomel <jsuchome@novell.com> 2010-05-21 12:41:09 UTC --- Strange... the segfault is now bug 607844, but I do not think it should be related -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c7 --- Comment #7 from Jaroslaw Zachwieja <grok@warwick.ac.uk> 2010-05-21 14:07:21 UTC --- I can't get the installation to finish at the moment. I'll get back to you when it works again. I'll leave it as NEEDINFO in the meantime. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c8 Jaroslaw Zachwieja <grok@warwick.ac.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|grok@warwick.ac.uk | Resolution| |WORKSFORME --- Comment #8 from Jaroslaw Zachwieja <grok@warwick.ac.uk> 2010-05-21 15:47:08 UTC --- Once bug 607844 got resolved, I can now verify it's working. Perhaps it would be a good idea to update http://www.suse.com/~ug/autoyast_doc/index.html :) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=607519 http://bugzilla.novell.com/show_bug.cgi?id=607519#c Jaroslaw Zachwieja <grok@warwick.ac.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com