Author: jsuchome Date: Wed Apr 20 15:49:13 2011 New Revision: 63843 URL: http://svn.opensuse.org/viewcvs/yast?rev=63843&view=rev Log: - if sssd is removed in GUI, remove also the pam module (bnc#680184) - added command line options for SSSD (bnc#680848) - remove 'ldap' from nsswitch.conf when sssd is configured (bnc#681818) - remove ldap and ldap-account_only PAM modules when sssd is set - 2.20.14.1 Modified: branches/SuSE-Linux-11_4-Branch/ldap-client/VERSION branches/SuSE-Linux-11_4-Branch/ldap-client/package/yast2-ldap-client.changes branches/SuSE-Linux-11_4-Branch/ldap-client/src/Ldap.ycp branches/SuSE-Linux-11_4-Branch/ldap-client/src/ldap.ycp
Modified: branches/SuSE-Linux-11_4-Branch/ldap-client/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Linux-11_4-Branch/ldap-client/VERSION?rev=63843&r1=63842&r2=63843&view=diff
==============================================================================
--- branches/SuSE-Linux-11_4-Branch/ldap-client/VERSION (original)
+++ branches/SuSE-Linux-11_4-Branch/ldap-client/VERSION Wed Apr 20 15:49:13 2011
@@ -1 +1 @@
-2.20.14
+2.20.14.1
Modified: branches/SuSE-Linux-11_4-Branch/ldap-client/package/yast2-ldap-client.changes
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Linux-11_4-Branch/ldap-client/package/yast2-ldap-client.changes?rev=63843&r1=63842&r2=63843&view=diff
==============================================================================
--- branches/SuSE-Linux-11_4-Branch/ldap-client/package/yast2-ldap-client.changes (original)
+++ branches/SuSE-Linux-11_4-Branch/ldap-client/package/yast2-ldap-client.changes Wed Apr 20 15:49:13 2011
@@ -1,4 +1,14 @@
 -------------------------------------------------------------------
+Mon Apr 18 10:50:28 CEST 2011 - jsuchome@suse.cz
+
+- if sssd is removed in GUI, remove also the pam module (bnc#680184)
+- added command line options for SSSD (bnc#680848)
+- remove 'ldap' from nsswitch.conf when sssd is configured
+ (bnc#681818)
+- remove ldap and ldap-account_only PAM modules when sssd is set
+- 2.20.14.1
+
+-------------------------------------------------------------------
 Fri Feb 4 08:57:50 CET 2011 - jsuchome@suse.cz
 - reset connection when TLS status has been changed (bnc#662949)
Modified: branches/SuSE-Linux-11_4-Branch/ldap-client/src/Ldap.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Linux-11_4-Branch/ldap-client/src/Ldap.ycp?rev=63843&r1=63842&r2=63843&view=diff
==============================================================================
--- branches/SuSE-Linux-11_4-Branch/ldap-client/src/Ldap.ycp (original)
+++ branches/SuSE-Linux-11_4-Branch/ldap-client/src/Ldap.ycp Wed Apr 20 15:49:13 2011
@@ -2641,15 +2641,36 @@
 {
 Pam::Add ("sss");
 // Add "sss" to the passwd and group databases in nsswitch.conf
- Nsswitch::WriteDb ("passwd", (list<string>)
- union (nsswitch["passwd"]:[], ["sss"]));
- Nsswitch::WriteDb ("group", (list<string>)
- union (nsswitch["group"]:[], ["sss"]));
+
+ foreach (string db, [ "passwd", "group" ], {
+ // replace 'ldap' with sss
+ nsswitch [db] = filter (
+ string v, nsswitch[db]:[], ``(v != "ldap"));
+ nsswitch [db] = union (nsswitch[db]:[], ["sss"]);
+ Nsswitch::WriteDb (db, nsswitch[db]:["sss"]);
+
+ // remove 'ldap' from _compat entries
+ string new_db = db+"_compat";
+ nsswitch [new_db] = filter (
+ string v, nsswitch[new_db]:[], ``(v != "ldap"));
+ Nsswitch::WriteDb (new_db, nsswitch[new_db]:[]);
+ });
+ // remove ldap entries from ldap-only db's
+ foreach (string db, ["services" ,"netgroup", "aliases" ], {
+ list<string> db_l = (list<string>) filter (
+ string v, Nsswitch::ReadDb (db), ``(v != "ldap"));
+ if (db_l == [])
+ db_l = ["files"];
+ Nsswitch::WriteDb (db, db_l);
+ });
+
 if (Pam::Enabled("krb5"))
 {
 y2milestone ("configuring 'sss', so 'krb5' will be removed");
+ Pam::Remove ("ldap-account_only");
 Pam::Remove ("krb5");
 }
+ Pam::Remove ("ldap");
 }
 else
 {
@@ -2665,6 +2686,11 @@
 {
 Pam::Add ("ldap");
 }
+ // sss was removed, using pam_ldap (bnc#680184)
+ if (Pam::Enabled ("sss"))
+ {
+ Pam::Remove ("sss");
+ }
 // modify sources in /etc/nsswitch.conf
 Nsswitch::WriteDb ("passwd", ["compat"]);
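Review bot: The second added `foreach` strips `ldap` from `services`, `netgroup` and `aliases` and falls back to `["files"]`, but unlike `passwd` and `group` it never adds `sss`, so LDAP-hosted netgroups stop resolving once SSSD is selected. Netgroups are often referenced by access rules, and entries keyed on them would then silently stop matching. If the SSSD on this branch can serve netgroups, add it for that database, e.g. `if (db == "netgroup") db_l = (list<string>) union (db_l, ["sss"]);`; otherwise at least record the removal with `y2milestone`. Separately, `Pam::Remove ("ldap-account_only");` sits inside the `Pam::Enabled("krb5")` branch, while the log message says it is removed whenever sssd is set; placing it next to `Pam::Remove ("ldap");` would match that. The enclosing function starts and ends outside the hunk.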
@@ -2693,7 +2719,6 @@
 }
 else if (!oes) // ldap is not used
 {
- //TODO: first check, if nss needs to be updated...
 foreach (string db, [ "passwd", "group" ], ``{
 string new_db = db+"_compat";
 nsswitch [db] = filter (
Modified: branches/SuSE-Linux-11_4-Branch/ldap-client/src/ldap.ycp
URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Linux-11_4-Branch/ldap-client/src/ldap.ycp?rev=63843&r1=63842&r2=63843&view=diff
==============================================================================
--- branches/SuSE-Linux-11_4-Branch/ldap-client/src/ldap.ycp (original)
+++ branches/SuSE-Linux-11_4-Branch/ldap-client/src/ldap.ycp Wed Apr 20 15:49:13 2011
@@ -93,6 +93,50 @@
 }
 }
+ if (options["sssd"]:"" != "")
+ {
+ boolean sssd = (options["sssd"]:"" == "yes");
+ if (Ldap::sssd != sssd)
+ {
+ Ldap::sssd = sssd;
+ Ldap::modified = true;
+ }
+ }
+
+ if (options["cache_credentials"]:"" != "")
+ {
+ boolean cache_credentials = (options["cache_credentials"]:"" == "yes");
+ if (Ldap::sssd_cache_credentials!= cache_credentials)
+ {
+ Ldap::sssd_cache_credentials= cache_credentials;
+ Ldap::modified = true;
+ }
+ }
+
+ if (options["realm"]:"" != "")
+ {
+ string realm = options["realm"]:"";
+ if (Ldap::krb5_realm != realm)
+ {
+ Ldap::krb5_realm = realm;
+ Ldap::modified = true;
+ }
+ }
+ if (options["kdc"]:"" != "")
+ {
+ string kdc = options["kdc"]:"";
+ if (Ldap::krb5_kdcip != kdc)
+ {
+ Ldap::krb5_kdcip = kdc;
+ Ldap::modified = true;
+ }
+ }
+
+ if (Ldap::krb5_kdcip != "" && Ldap::krb5_realm != "")
+ {
+ Ldap::sssd_with_krb = true;
+ }
+
 if (haskey (options, "createconfig"))
 {
 if (Ldap::bind_pass == nil)
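Review bot: The last added `if` in the ldap.ycp hunk sets `Ldap::sssd_with_krb = true` whenever `Ldap::krb5_kdcip` and `Ldap::krb5_realm` are both non-empty, even when neither `realm` nor `kdc` was passed on this call and regardless of `Ldap::sssd`, and unlike the four blocks above it never sets `Ldap::modified`. An unrelated option can therefore flip the authentication setup as a side effect, and if saving is gated on `Ldap::modified` the flip may not be written at all. A guard such as `if (Ldap::sssd && Ldap::krb5_kdcip != "" && Ldap::krb5_realm != "" && !Ldap::sssd_with_krb)` with `Ldap::modified = true;` inside would make the change explicit. `realm` and `kdc` are also stored verbatim; where they are written out is not visible here, but rejecting whitespace and newlines before assignment would keep a malformed value out of the generated configuration. The handler these lines belong to starts and ends outside the hunk.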
@@ -202,14 +246,38 @@
 "type" : "enum",
 "typespec" : [ "yes", "no" ],
 ],
+ "sssd" : $[
+ // help text for the 'sssd' option
+ "help" : _("Use System Security Services Daemon (SSSD)"),
+ "type" : "enum",
+ "typespec" : [ "yes", "no" ],
+ ],
+ "cache_credentials" : $[
+ // help text for the 'cache_credentials' option
+ "help" : _("SSSD Offline Authentication"),
+ "type" : "enum",
+ "typespec" : [ "yes", "no" ],
+ ],
+ "realm" :$[
+ // command line help text for the 'realm' option
+ "help" : _("Kerberos Realm"),
+ "type" : "string"
+ ],
+ "kdc" :$[
+ // command line help text for the 'kdc' option
+ "help" : _("KDC Server Address"),
+ "type" : "string"
+ ],
 ],
 "mappings" : $[
 "pam" : [ "enable", "disable", "server", "base",
- "createconfig", "ldappw", "automounter", "mkhomedir", "tls"
+ "createconfig", "ldappw", "automounter", "mkhomedir", "tls",
+ "sssd", "realm", "kdc", "cache_credentials"
 ],
 "summary" : [],
 "configure" : [ "server", "base", "createconfig", "ldappw",
- "automounter", "mkhomedir", "tls"
+ "automounter", "mkhomedir", "tls",
+ "sssd", "realm", "kdc", "cache_credentials"
 ],
 ]
 ];
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org
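Review bot: The help string for `cache_credentials`, `_("SSSD Offline Authentication")`, does not tell the administrator that `yes` makes SSSD keep credential material on the local disk. A wording such as `_("Cache credentials locally for SSSD offline authentication")` states that trade-off at the point where the option is chosen. The `realm` and `kdc` entries are declared as plain `"type" : "string"`, so no format check is visible in this table; a stricter type here or a check in the handler would reject malformed values early.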