[Bug 815506] New: LDAP user/group search bases not configured when using SSSD
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c0 Summary: LDAP user/group search bases not configured when using SSSD Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: adaugherity@tamu.edu QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.28.10 (KHTML, like Gecko) Version/6.0.3 Safari/536.28.10 In previous YaST versions which supported nss_ldap (up through SLES 11 sp2 and openSUSE 12.1, apparently), it was possible for YaST to configure the user, group, and/or shadow search bases to a different value than the main LDAP search base. These options are no longer presented in YaST, despite SSSD supporting them (see ldap_user_search_base, ldap_group_search_base, etc. in sssd-ldap(5); there is no shadow search base option however). With an autoyast profile that configures these options, they *are* still applied when using nss_ldap (profile contains <sssd config:type="boolean">false</sssd>), but not when using SSSD. Because of this, it looks like this is a regression in the YaST LDAP module rather than autoyast. Reproducible: Always Steps to Reproduce: 1. Install with an autoyast profile configuring nss_base_group (etc.) under ldap. -OR- 1. Launch 'yast2 ldap'; choose "Advanced Configuration..." 2. Note the lack of "Naming Contexts" box containing User Map or Group Map. Actual Results: nss_base_group etc. settings in autoyast profile are ignored. YaST GUI for setting these is missing. Expected Results: Values should be mapped to sssd.conf settings: nss_base_passwd : ldap_user_search_base nss_base_group : ldap_group_search_base Applying the settings looks like a simple fix -- add a couple lines to WriteSSSDConfig() in modules/Ldap.ycp. Presenting the GUI may take a little more code, perhaps restoring some parts which were removed in 293b7ed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c1 --- Comment #1 from Andrew Daugherity <adaugherity@tamu.edu> 2013-04-16 19:00:25 UTC --- Created an attachment (id=535411) --> (http://bugzilla.novell.com/attachment.cgi?id=535411) autoyast ldap profile If the <sssd>false</sssd> tag is uncommented, LDAP is configured with nss_ldap/pam_ldap and the nss_base_group setting is applied properly. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c Xiaolong Li <xlli@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xlli@suse.com AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c Michal Filka <mfilka@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mfilka@suse.com AssignedTo|yast2-maintainers@suse.de |jsuchome@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c2 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |rhafer@suse.com --- Comment #2 from Jiří Suchomel <jsuchome@suse.com> 2013-04-22 11:20:34 UTC --- Ralf, what do you think? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c4 Ralf Haferkamp <rhafer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|rhafer@suse.com | --- Comment #4 from Ralf Haferkamp <rhafer@suse.com> 2013-06-11 03:23:31 CEST --- Though I don't think this is a regression (sssd is a completely different beast than nss_ldap), it is probably still a good idea to add those options back to the UI. The option names that Andrew pointed out in comment#0 are right and the syntax we used for the nss_base_* option should work fine with them. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c5 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |adaugherity@tamu.edu --- Comment #5 from Jiří Suchomel <jsuchome@suse.com> 2013-06-14 01:39:45 UTC --- Andrew, please test with this package: https://build.opensuse.org/package/show?package=yast2-ldap-client&project=home%3Ajsuchome -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c6 --- Comment #6 from Jiří Suchomel <jsuchome@suse.com> 2013-06-18 05:45:32 UTC --- any news? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c7 Andrew Daugherity <adaugherity@tamu.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|adaugherity@tamu.edu | --- Comment #7 from Andrew Daugherity <adaugherity@tamu.edu> 2013-06-18 17:49:34 UTC --- It works, mostly. Autoyast works too. Thanks! There are some cases where it doesn't save what's displayed in YaST for the user/group search base to sssd.conf. Also, when you open the "Naming Context" tab of "Advanced Configuration", the values shown there default to the main search base, NOT the current settings in sssd.conf. Not sure if that is intentional or a bug. I think the failure to write out changes is an interaction between both of these things, and I can trigger it by: 1) Having a user or group search base already configured (to something different than the main LDAP search base. 2) Open the Advanced/Naming Contexts page in YaST; the value for these bases is now the main LDAP search base. 3) Hit OK (twice) to save & exit YaST. /etc/sssd/sssd.conf remains unchanged, rather than updating or removing the user/group search base. If I change one of the user/group search base to something else, both values get written to sssd.conf (or removed from it, if they match the main search base). Apparently in the above procedure it doesn't think anything has changed. I guess fixing it to display the values from sssd.conf (if set) would also fix this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c8 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #8 from Jiří Suchomel <jsuchome@suse.com> 2013-06-19 00:28:10 UTC --- Thanks, I totally forgot about reading those values from sssd.conf. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c9 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |adaugherity@tamu.edu --- Comment #9 from Jiří Suchomel <jsuchome@suse.com> 2013-06-19 03:09:00 UTC --- Please try with the latest build from https://build.opensuse.org/package/show?package=yast2-ldap-client&project=home%3Ajsuchome -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c10 Andrew Daugherity <adaugherity@tamu.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|adaugherity@tamu.edu | --- Comment #10 from Andrew Daugherity <adaugherity@tamu.edu> 2013-06-20 16:51:01 UTC --- Looks good, thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=815506 https://bugzilla.novell.com/show_bug.cgi?id=815506#c11 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #11 from Jiří Suchomel <jsuchome@suse.com> 2013-06-21 01:49:15 UTC --- fixed for Factory -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com