Hello community,
here is the log from the commit of package yast2-ldap-client for openSUSE:Factory
checked in at Fri Jan 14 01:54:09 CET 2011.
--------
--- yast2-ldap-client/yast2-ldap-client.changes 2011-01-07 12:59:29.000000000 +0100
+++ yast2-ldap-client/yast2-ldap-client.changes 2011-01-13 11:40:59.000000000 +0100
@@ -1,0 +2,13 @@
+Thu Jan 13 11:37:48 CET 2011 - jsuchome@suse.cz
+
+- pass certificate data to .ldap agent (bnc#662949)
+- 2.20.6
+
+-------------------------------------------------------------------
+Wed Jan 12 12:58:31 CET 2011 - jsuchome@suse.cz
+
+- write uri instead of just host name to ldap.conf and sssd.conf
+ (bnc#663012)
+- 2.20.5
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
yast2-ldap-client-2.20.4.tar.bz2
New:
----
yast2-ldap-client-2.20.6.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-ldap-client.spec ++++++
--- /var/tmp/diff_new_pack.d9BKqC/_old 2011-01-14 01:51:38.000000000 +0100
+++ /var/tmp/diff_new_pack.d9BKqC/_new 2011-01-14 01:51:38.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-ldap-client (Version 2.20.4)
+# spec file for package yast2-ldap-client (Version 2.20.6)
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -19,11 +19,11 @@
Name: yast2-ldap-client
-Version: 2.20.4
+Version: 2.20.6
Release: 1
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-ldap-client-2.20.4.tar.bz2
+Source0: yast2-ldap-client-2.20.6.tar.bz2
Prefix: /usr
@@ -57,7 +57,7 @@
OpenLDAP server will be used for user authentication.
%prep
-%setup -n yast2-ldap-client-2.20.4
+%setup -n yast2-ldap-client-2.20.6
%build
%{prefix}/bin/y2tool y2autoconf
++++++ yast2-ldap-client-2.20.4.tar.bz2 -> yast2-ldap-client-2.20.6.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/VERSION new/yast2-ldap-client-2.20.6/VERSION
--- old/yast2-ldap-client-2.20.4/VERSION 2011-01-07 12:58:11.000000000 +0100
+++ new/yast2-ldap-client-2.20.6/VERSION 2011-01-13 11:38:24.000000000 +0100
@@ -1 +1 @@
-2.20.4
+2.20.6
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/Ldap.ycp new/yast2-ldap-client-2.20.6/src/Ldap.ycp
--- old/yast2-ldap-client-2.20.4/src/Ldap.ycp 2011-01-07 12:57:30.000000000 +0100
+++ new/yast2-ldap-client-2.20.6/src/Ldap.ycp 2011-01-13 11:36:42.000000000 +0100
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk
* Anas Nashif
*
- * $Id: Ldap.ycp 63115 2011-01-06 14:17:50Z jsuchome $
+ * $Id: Ldap.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/
{
@@ -32,6 +32,7 @@
import "Stage";
import "String";
import "Summary";
+ import "URL";
/**
* show popups with error messages?
@@ -643,6 +644,35 @@
return oes;
}
+ // convert list of uri's to list of hosts
+ string uri2servers (string uri) {
+ return mergestring (maplist (string u, splitstring (uri, " \t"), {
+ map url = URL::Parse (u);
+ string h = url["host"]:"";
+ if (url["port"]:"" != "")
+ h = sformat ("%1:%2", h, url["port"]:"");
+ return h;
+ }), " ");
+ }
+
+ /**
+ * Read values of LDAP hosts from ldap.conf
+ * get them from 'uri' or 'host' values
+ */
+ global string ReadLdapHosts () {
+ string ret = "";
+ string uri = ReadLdapConfEntry ("uri", "");
+ if (uri == "")
+ {
+ ret = ReadLdapConfEntry ("host", "");
+ }
+ else
+ {
+ ret = uri2servers (uri);
+ }
+ return ret;
+ }
+
/**
* Reads LDAP settings from the SCR
* @return success
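Review bot: `uri2servers` keeps only `host` and `port` from `URL::Parse` and drops the scheme, so an `ldaps://` entry in ldap.conf is read back as a plain `host[:port]`. The write hunks at `@@ -1925` and `@@ -2433` then prepend a fixed `"ldap://"`, so a read/modify/write cycle appears to rewrite an administrator's `ldaps://` URI as `ldap://`. An `ldaps://host` URI without an explicit port also loses its implied port; LDAPInit.out shows 389 being used when no port is set. The scheme should be carried through to the write side. At minimum the helper should say so, e.g. `// NOTE: the URI scheme is dropped; ldaps:// entries come back as plain host[:port]`.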
@@ -689,7 +719,8 @@
size (nsswitch["passwd_compat"]:[]) == 0));
nis_available = nis_available && (Service::Status ("ypbind") == 0);
- server = ReadLdapConfEntry ("host", "");
+ server = ReadLdapHosts ();
+
base_dn = ReadLdapConfEntry ("base", "");
old_base_dn = base_dn;
@@ -975,7 +1006,7 @@
if (bind_pass == nil && servers == "")
{
y2milestone ("--- server not read yet or empty, reading now");
- servers = ReadLdapConfEntry ("host", "");
+ servers = ReadLdapHosts ();
}
list l_servers = splitstring (servers, " \t");
@@ -989,7 +1020,7 @@
if (bind_pass == nil && servers == "")
{
y2milestone ("--- server not read yet or empty, reading now");
- servers = ReadLdapConfEntry ("host", "");
+ servers = ReadLdapHosts ();
}
list l_servers = splitstring (servers, " \t");
@@ -1013,7 +1044,9 @@
"hostname": GetFirstServer (server),
"port": GetFirstPort (server),
"version": ldap_v2 ? 2 : 3,
- "use_tls": ldap_tls ? "yes" : "no"
+ "use_tls": ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
];
boolean init = (boolean) SCR::Execute (.ldap, args);
if (init == nil)
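Review bot: The `cacertdir`/`cacertfile` pair is added by hand to seven copies of the same argument map: here, at `@@ -1095` in Ldap.ycp, in LdapPopup.ycp, and in four places in ui.ycp. The next TLS-related key is therefore easy to miss in one of them. A single helper in the Ldap module that returns this map would keep every `.ldap` init call on the same certificate settings. Inside Ldap.ycp the new lines use the qualified `Ldap::tls_cacertdir` next to the unqualified `ldap_tls`; the bare `tls_cacertdir` / `tls_cacertfile` would match the surrounding style. LDAPInit.out shows empty strings being passed when nothing is configured, so it is worth confirming that the agent treats `""` as "not set". The enclosing function starts and ends outside this hunk.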
@@ -1095,7 +1128,9 @@
"hostname" : GetFirstServer (server),
"port" : GetFirstPort (server),
"version" : ldap_v2 ? 2 : 3,
- "use_tls" : ldap_tls ? "yes" : "no"
+ "use_tls" : ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
];
boolean init = (boolean) SCR::Execute (.ldap, args);
// error message
@@ -1112,7 +1147,7 @@
if (args["use_tls"]:"" == "yes" &&
errmap["tls_error"]:false && ConnectWithoutTLS (errmap))
{
- args["use_tls"] = false;
+ args["use_tls"] = "no";
init = (boolean) SCR::Execute (.ldap, args);
if (init == nil)
ret = unknown;
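Review bot: The retry after `args["use_tls"] = "no"` reconnects in clear text after a TLS error, and nothing visible in this hunk records that downgrade in the log. With the string fix the fallback now presumably takes effect, so it should leave a trace, for example `y2warning ("TLS initialization failed, retrying without TLS");` just before the second `SCR::Execute`. The `cacertdir`/`cacertfile` keys stay in `args` for the retry, which looks harmless but could be noted in a comment. The function body continues outside the hunk.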
@@ -1908,8 +1943,23 @@
map out = (map)SCR::Execute(.target.bash_output,
"/bin/rpm -V openldap2-client");
- list open_host = (list) SCR::Read
- (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host);
+ list open_host = [];
+ list open_uri = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".uri);
+ if (open_uri == [])
+ {
+ open_uri = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".URI);
+ }
+ if (open_uri == [])
+ {
+ open_host = (list) SCR::Read
+ (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host);
+ }
+ else
+ {
+ open_host = [ uri2servers (open_uri[0]:"")];
+ }
list open_base = (list) SCR::Read
(.etc.ldap_conf.v."/etc/openldap/ldap.conf".base);
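Review bot: Both `open_uri == []` checks miss the case where `SCR::Read` returns `nil` for an absent key, which the test output suggests can happen (Export.out logs `"uri" nil` for the other ldap.conf). If that occurs here, the `host` fallback is skipped and `open_host` becomes `[""]` via `uri2servers ("")`. Writing the guard as `if (open_uri == nil || open_uri == [])` in both places covers it. Only `open_uri[0]` is converted, so a file with several `uri` lines would be compared on the first one alone. A short comment stating that assumption would help.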
@@ -1925,8 +1975,16 @@
if (write_openldap_conf)
{
// update ldap.conf
- SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host,
- [server]);
+ SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".host, nil);
+
+ string uri = mergestring (
+ maplist (string u, splitstring (server, " \t"), {
+ return "ldap://" + u;
+ }), " ");
+
+ SCR::Write (.etc.ldap_conf.v."/etc/openldap/ldap.conf".uri,
+ [uri]);
+
SCR::Write(.etc.ldap_conf.v."/etc/openldap/ldap.conf".base,
[base_dn]);
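Review bot: The `maplist` over `splitstring (server, " \t")` prefixes every chunk with `"ldap://"` without checking it. If `splitstring` keeps empty fields, as I believe it does, a doubled space or trailing separator in `server` writes a bare `ldap://` entry into `/etc/openldap/ldap.conf`. Dropping empty chunks first with `filter (string u, splitstring (server, " \t"), { return u != ""; })` avoids that. The identical expression is repeated at `@@ -2433`, so a small helper mirroring `uri2servers` would keep the two writers in step. The `host` key is removed unconditionally before the new `uri` is written, which deserves a one-line comment explaining that `uri` replaces it.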
@@ -1970,7 +2028,7 @@
path domain = add (.etc.sssd_conf.v, "domain/default");
- string uri = sformat ("ldap%1://%2", ldap_tls ? "s" : "", String::FirstChunk (server, " \t"));
+ string uri = sformat ("ldap://%1", String::FirstChunk (server, " \t"));
SCR::Write (add (domain, "ldap_uri"), uri);
SCR::Write (add (domain, "ldap_search_base"), base_dn);
SCR::Write (add (domain, "ldap_schema"), "rfc2307bis");
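Review bot: The new `ldap_uri` is always `ldap://…`, whereas the removed line switched to `ldaps://` when `ldap_tls` was set, so transport protection for SSSD no longer follows from the URI written here. Whether StartTLS is enforced elsewhere in sssd.conf (for instance via `ldap_id_use_start_tls` and the CA settings) is not visible in this hunk. If it is not, identity lookups may go out in clear text. A comment such as `// plain ldap:// on purpose: TLS is requested via StartTLS, see <setting written below>` would make the intent checkable. Only the first server from `server` is written, while ldap.conf receives all of them.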
@@ -2433,7 +2491,12 @@
if (modified)
{
// update ldap.conf
- WriteLdapConfEntry ("host", server);
+ WriteLdapConfEntry ("host", nil);
+ string uri = mergestring (
+ maplist (string u, splitstring (server, " \t"), {
+ return "ldap://" + u;
+ }), " ");
+ WriteLdapConfEntry ("uri", uri);
WriteLdapConfEntry ("base", base_dn);
if (member_attribute != old_member_attribute)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/LdapPopup.ycp new/yast2-ldap-client-2.20.6/src/LdapPopup.ycp
--- old/yast2-ldap-client-2.20.4/src/LdapPopup.ycp 2010-08-18 12:35:33.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/src/LdapPopup.ycp 2011-01-13 11:36:57.000000000 +0100
@@ -189,7 +189,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
];
string error = Ldap::LDAPInitWithTLSCheck (args);
if (error != "")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/src/ui.ycp new/yast2-ldap-client-2.20.6/src/ui.ycp
--- old/yast2-ldap-client-2.20.4/src/ui.ycp 2011-01-07 12:53:16.000000000 +0100
+++ new/yast2-ldap-client-2.20.6/src/ui.ycp 2011-01-13 11:34:05.000000000 +0100
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk
* Anas Nashif
*
- * $Id: ui.ycp 62970 2010-12-07 15:45:14Z jsuchome $
+ * $Id: ui.ycp 63173 2011-01-12 15:57:26Z jsuchome $
*
* All user interface functions.
*/
@@ -332,6 +332,8 @@
UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " ");
UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls);
UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd);
+ // do not alow to turn off TLS when SSSD is used
+ UI::ChangeWidget (`id (`ldaps), `Enabled, !Ldap::sssd);
symbol result = `not_next;
do {
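Review bot: The added `ChangeWidget` call only disables the `ldaps` checkbox when `Ldap::sssd` is set and does not force its value. If `ldap_tls` is false at that point, the box is greyed out in the unchecked state and TLS stays off, the opposite of what the comment intends. Setting the widget's `Value` to true, and `ldap_tls` with it, whenever SSSD is active would close that gap. The enable state is set once before the `do` loop, so it should also be confirmed that toggling SSSD inside the dialog updates it; that handling is outside this hunk. The comment has a typo and could read `// do not allow turning off TLS when SSSD is used`.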
@@ -372,7 +374,9 @@
"hostname" : Ldap::GetFirstServer (server),
"port" : Ldap::GetFirstPort (server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : ldap_tls ? "yes" : "no"
+ "use_tls" : ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
]);
if (dn != "")
UI::ChangeWidget (`id(`ldapbasedn), `Value, dn);
@@ -759,7 +763,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
])
)
{
@@ -1055,7 +1061,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile": Ldap::tls_cacertfile
]);
if (dn != "")
{
@@ -1130,7 +1138,9 @@
"hostname" : Ldap::GetFirstServer (Ldap::server),
"port" : Ldap::GetFirstPort (Ldap::server),
"version" : Ldap::ldap_v2 ? 2 : 3,
- "use_tls" : Ldap::ldap_tls ? "yes" : "no"
+ "use_tls" : Ldap::ldap_tls ? "yes" : "no",
+ "cacertdir" : Ldap::tls_cacertdir,
+ "cacertfile" : Ldap::tls_cacertfile
]);
if (suf != "")
UI::ReplaceWidget (`id (`rp_suf), `HBox (
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Export.out new/yast2-ldap-client-2.20.6/testsuite/tests/Export.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Export.out 2010-12-07 15:59:18.000000000 +0100
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Export.out 2011-01-12 13:01:52.000000000 +0100
@@ -1,4 +1,5 @@
Dump ==== reading... ============================
+Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" nil
Read .etc.ldap_conf.v."/etc/ldap.conf"."host" "localhost"
Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
Read .etc.ldap_conf.v."/etc/ldap.conf"."ldap_version" nil
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Export.ycp new/yast2-ldap-client-2.20.6/testsuite/tests/Export.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Export.ycp 2010-08-18 12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Export.ycp 2011-01-12 13:19:06.000000000 +0100
@@ -2,7 +2,7 @@
* Read.ycp
* Test of Ldap:Read function
* Author: Jiri Suchomel
- * $Id: Export.ycp 62146 2010-06-23 11:22:59Z jsuchome $
+ * $Id: Export.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/
{
@@ -31,7 +31,8 @@
"pam_password": "crypt",
"tls_cacertdir" : "/etc/openldap/cacerts/",
"tls_cacertfile": nil,
- "tls_checkpeer" : nil
+ "tls_checkpeer" : nil,
+ "uri" : nil
]
]
],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.out new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.out 2010-08-18 12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.out 2011-01-13 11:40:08.000000000 +0100
@@ -1,16 +1,16 @@
Dump ==== init (one server, no port set) ==============
Dump ==== value of server: "localhost"
-Execute .ldap $["hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
+Execute .ldap $["cacertdir":"", "cacertfile":"", "hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
Return
Dump ==== init (one server, nonsence port set) ========
Dump ==== value of server: "localhost:sdgfd#$"
-Execute .ldap $["hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
+Execute .ldap $["cacertdir":"", "cacertfile":"", "hostname":"localhost", "port":389, "use_tls":"no", "version":3] true
Return
Dump ==== init (more servers set, TLS used) ===========
Dump ==== value of server: "chimera.suse.cz:333 localhost"
-Execute .ldap $["hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] true
+Execute .ldap $["cacertdir":"/etc/ssl/certs", "cacertfile":"", "hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] true
Return
Dump ==== init failed =================================
-Execute .ldap $["hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] false
+Execute .ldap $["cacertdir":"/etc/ssl/certs", "cacertfile":"", "hostname":"chimera.suse.cz", "port":333, "use_tls":"yes", "version":2] false
Read .ldap.error $["code":11, "msg":"Initialization failed"]
Return Initialization failed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.ycp new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/LDAPInit.ycp 2010-08-18 12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/LDAPInit.ycp 2011-01-13 11:39:40.000000000 +0100
@@ -49,6 +49,7 @@
Ldap::server = "chimera.suse.cz:333 localhost";
Ldap::ldap_v2 = true;
Ldap::ldap_tls = true;
+ Ldap::tls_cacertdir = "/etc/ssl/certs";
DUMP (sformat ("==== value of server: \"%1\"", Ldap::server));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Read.out new/yast2-ldap-client-2.20.6/testsuite/tests/Read.out
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Read.out 2010-08-18 12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Read.out 2011-01-12 13:03:14.000000000 +0100
@@ -1,5 +1,5 @@
Dump ==== reading... ============================
-Read .etc.ldap_conf.v."/etc/ldap.conf"."host" "localhost"
+Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333"
Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
Read .etc.ldap_conf.v."/etc/ldap.conf"."ldap_version" nil
Read .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil
@@ -22,3 +22,4 @@
Dump nsswitch: -$["group":["compat"], "group_compat":["ldap"], "passwd":["compat"], "passwd_compat":["ldap"]]-
Dump base config DN: --
Dump bind DN: -uid=manager,dc=suse,dc=cz-
+Dump server: -localhost:333-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-2.20.4/testsuite/tests/Read.ycp new/yast2-ldap-client-2.20.6/testsuite/tests/Read.ycp
--- old/yast2-ldap-client-2.20.4/testsuite/tests/Read.ycp 2010-08-18 12:34:32.000000000 +0200
+++ new/yast2-ldap-client-2.20.6/testsuite/tests/Read.ycp 2011-01-12 13:19:06.000000000 +0100
@@ -2,7 +2,7 @@
* Read.ycp
* Test of Ldap:Read function
* Author: Jiri Suchomel
- * $Id: Read.ycp 61773 2010-04-20 09:54:37Z jsuchome $
+ * $Id: Read.ycp 63166 2011-01-12 12:19:05Z jsuchome $
*/
{
@@ -31,7 +31,8 @@
"pam_password": "crypt",
"tls_cacertdir" : "/etc/openldap/cacerts/",
"tls_cacertfile": nil,
- "tls_checkpeer" : "no"
+ "tls_checkpeer" : "no",
+ "uri" : "ldap://localhost:333"
]
]
],
@@ -102,4 +103,6 @@
DUMP ( sformat ("base config DN: -%1-", Ldap::base_config_dn) );
DUMP ( sformat ("bind DN: -%1-", Ldap::bind_dn) );
+
+ DUMP ( sformat ("server: -%1-", Ldap::server) );
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++