Script 'mail_helper' called by ro
Hello packager,
This is just FYI. Your package was checked in in distribution "sle12"
by autobuild-member: ro.
Here comes the log...
---------------------------%<------------------------------
Hi,
here is the log from ci_new_pac /mounts/work_src_done/SLE12/yast2-auth-server -> sle12
Changes:
--------
--- /work/SRC/SUSE:SLE-12:GA/yast2-auth-server/yast2-auth-server.changes 2014-02-06 12:11:21.000000000 +0100
+++ /mounts/work_src_done/SLE12/yast2-auth-server/yast2-auth-server.changes 2014-02-12 17:34:25.000000000 +0100
@@ -1,0 +2,5 @@
+Wed Feb 12 10:13:07 UTC 2014 - ckornacker@suse.com
+
+- rename ldap-server.rnc autoyast profile to auth-server.rnc
+- replace deprecated Service calls
+
calling whatdependson for sle12-i586
Packages directly triggered for rebuild:
- yast2-auth-server
- yast2-mail
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/SUSE:SLE-12:GA/yast2-auth-server (Old)
and /mounts/work_src_done/SLE12/yast2-auth-server (BS:build ID:32544 MAIL:yast-commit@opensuse.org) (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-auth-server", Maintainer is "yast-commit@opensuse.org"
Old:
----
yast2-auth-server-3.1.2.tar.bz2
New:
----
yast2-auth-server-3.1.3.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-auth-server.spec ++++++
--- /var/tmp/diff_new_pack.qBwenb/_old 2014-02-12 17:59:08.000000000 +0100
+++ /var/tmp/diff_new_pack.qBwenb/_new 2014-02-12 17:59:08.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-auth-server
-Version: 3.1.2
+Version: 3.1.3
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -32,6 +32,7 @@
# users/ldap_dialogs.ycp
Requires: yast2-users >= 2.22.3
+Requires: yast2-ldap >= 3.1.0
# Wizard::SetDesktopTitleAndIcon
Requires: yast2 >= 2.21.22
@@ -81,9 +82,10 @@
%{yast_desktopdir}/auth-server.desktop
%{yast_desktopdir}/openldap-mirrormode.desktop
%{yast_plugindir}/libpy2ag_slapdconfig.*
-%{yast_schemadir}/autoyast/rnc/ldap-server.rnc
+%{yast_schemadir}/autoyast/rnc/auth-server.rnc
%{yast_scrconfdir}/*
%{yast_agentdir}/*
%{yast_ybindir}/ldap-server-ssl-check
%doc %{yast_docdir}
%doc COPYING.MIT
+%doc COPYING
++++++ yast2-auth-server-3.1.2.tar.bz2 -> yast2-auth-server-3.1.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/MAINTAINER new/yast2-auth-server-3.1.3/MAINTAINER
--- old/yast2-auth-server-3.1.2/MAINTAINER 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/MAINTAINER 2014-02-12 17:30:20.000000000 +0100
@@ -1 +1 @@
-Peter Varkoly
+Christian Kornacker
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/package/yast2-auth-server.changes new/yast2-auth-server-3.1.3/package/yast2-auth-server.changes
--- old/yast2-auth-server-3.1.2/package/yast2-auth-server.changes 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/package/yast2-auth-server.changes 2014-02-12 17:30:20.000000000 +0100
@@ -1,4 +1,9 @@
-------------------------------------------------------------------
+Wed Feb 12 10:13:07 UTC 2014 - ckornacker@suse.com
+
+- rename ldap-server.rnc autoyast profile to auth-server.rnc
+- replace deprecated Service calls
+
Fri Jan 31 23:44:25 UTC 2014 - varkoly@suse.com
- Fix the requirement yast2-ldap-client -> yast2-ldap
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/package/yast2-auth-server.spec new/yast2-auth-server-3.1.3/package/yast2-auth-server.spec
--- old/yast2-auth-server-3.1.2/package/yast2-auth-server.spec 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/package/yast2-auth-server.spec 2014-02-12 17:30:20.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-auth-server
-Version: 3.1.2
+Version: 3.1.3
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -32,6 +32,7 @@
# users/ldap_dialogs.ycp
Requires: yast2-users >= 2.22.3
+Requires: yast2-ldap >= 3.1.0
# Wizard::SetDesktopTitleAndIcon
Requires: yast2 >= 2.21.22
@@ -81,9 +82,10 @@
%{yast_desktopdir}/auth-server.desktop
%{yast_desktopdir}/openldap-mirrormode.desktop
%{yast_plugindir}/libpy2ag_slapdconfig.*
-%{yast_schemadir}/autoyast/rnc/ldap-server.rnc
+%{yast_schemadir}/autoyast/rnc/auth-server.rnc
%{yast_scrconfdir}/*
%{yast_agentdir}/*
%{yast_ybindir}/ldap-server-ssl-check
%doc %{yast_docdir}
%doc COPYING.MIT
+%doc COPYING
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/Makefile.am new/yast2-auth-server-3.1.3/src/Makefile.am
--- old/yast2-auth-server-3.1.2/src/Makefile.am 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/Makefile.am 2014-02-12 17:30:20.000000000 +0100
@@ -34,7 +34,7 @@
schemafilesdir = $(schemadir)/autoyast/rnc
schemafiles_DATA = \
- autoyast-rnc/ldap-server.rnc
+ autoyast-rnc/auth-server.rnc
agent_SCRIPTS = \
servers_non_y2/ag_kadmin \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/autoyast-rnc/auth-server.rnc new/yast2-auth-server-3.1.3/src/autoyast-rnc/auth-server.rnc
--- old/yast2-auth-server-3.1.2/src/autoyast-rnc/auth-server.rnc 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/autoyast-rnc/auth-server.rnc 2014-02-12 17:30:20.000000000 +0100
@@ -0,0 +1,86 @@
+default namespace = "http://www.suse.com/1.0/yast2ns"
+namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0"
+namespace config = "http://www.suse.com/1.0/configns"
+
+#start = element profile { auth-server }
+#include '/usr/share/YaST2/schema/autoyast/rnc/common.rnc'
+
+auth-server = element auth-server {
+ element daemon {
+ element listeners {
+ LIST,
+ element listentry { text }+
+ }? &
+ element serviceEnabled { BOOLEAN }? &
+ element slp { BOOLEAN }?
+ }? &
+ element databases {
+ LIST,
+ element listentry {
+ element access {
+ LIST,
+ element listentry {
+ element access {
+ LIST,
+ element listentry {
+ element level { text } &
+ element type { text } &
+ element value { text }?
+ }+
+ }+ &
+ element target {
+ element attrs { text }? &
+ element filter { text }? &
+ element dn {
+ element style { text }? &
+ element value { text }?
+ }?
+ }?
+ }*
+ }* &
+ element indexes { Anything }* &
+ element checkpoint {
+ LIST,
+ element listentry { text }+
+ }? &
+ element directory { text }? &
+ element entrycache { text }? &
+ element idlcache { text }? &
+ element rootdn { text }? &
+ element rootpw { text }? &
+ element suffix { text }? &
+ element type { text }?
+ }*
+ }? &
+ element globals {
+ element allow {
+ LIST,
+ element listentry { text }*
+ }? &
+ element disallow {
+ LIST,
+ element listentry { text }*
+ }? &
+ element loglevel {
+ LIST,
+ element listentry { text }*
+ }? &
+ element tlsconfig {
+ element caCertDir { text }? &
+ element caCertFile { text }? &
+ element certFile { text }? &
+ element certKeyFile { text }? &
+ element crlCheck { text }? &
+ element crlFile { text }? &
+ element verifyClient { text }?
+ }?
+ }? &
+ element schema {
+ LIST,
+ element listentry {
+ element includeldif { text }? &
+ element includeschema { text }?
+ }*
+ }?
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/autoyast-rnc/ldap-server.rnc new/yast2-auth-server-3.1.3/src/autoyast-rnc/ldap-server.rnc
--- old/yast2-auth-server-3.1.2/src/autoyast-rnc/ldap-server.rnc 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/autoyast-rnc/ldap-server.rnc 1970-01-01 01:00:00.000000000 +0100
@@ -1,86 +0,0 @@
-default namespace = "http://www.suse.com/1.0/yast2ns"
-namespace a = "http://relaxng.org/ns/compatibility/annotations/1.0"
-namespace config = "http://www.suse.com/1.0/configns"
-
-#start = element profile { ldap-server }
-#include '/usr/share/YaST2/schema/autoyast/rnc/common.rnc'
-
-ldap-server = element ldap-server {
- element daemon {
- element listeners {
- LIST,
- element listentry { text }+
- }? &
- element serviceEnabled { BOOLEAN }? &
- element slp { BOOLEAN }?
- }? &
- element databases {
- LIST,
- element listentry {
- element access {
- LIST,
- element listentry {
- element access {
- LIST,
- element listentry {
- element level { text } &
- element type { text } &
- element value { text }?
- }+
- }+ &
- element target {
- element attrs { text }? &
- element filter { text }? &
- element dn {
- element style { text }? &
- element value { text }?
- }?
- }?
- }*
- }* &
- element indexes { Anything }* &
- element checkpoint {
- LIST,
- element listentry { text }+
- }? &
- element directory { text }? &
- element entrycache { text }? &
- element idlcache { text }? &
- element rootdn { text }? &
- element rootpw { text }? &
- element suffix { text }? &
- element type { text }?
- }*
- }? &
- element globals {
- element allow {
- LIST,
- element listentry { text }*
- }? &
- element disallow {
- LIST,
- element listentry { text }*
- }? &
- element loglevel {
- LIST,
- element listentry { text }*
- }? &
- element tlsconfig {
- element caCertDir { text }? &
- element caCertFile { text }? &
- element certFile { text }? &
- element certKeyFile { text }? &
- element crlCheck { text }? &
- element crlFile { text }? &
- element verifyClient { text }?
- }?
- }? &
- element schema {
- LIST,
- element listentry {
- element includeldif { text }? &
- element includeschema { text }?
- }*
- }?
-}
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/clients/auth-server.rb new/yast2-auth-server-3.1.3/src/clients/auth-server.rb
--- old/yast2-auth-server-3.1.2/src/clients/auth-server.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/clients/auth-server.rb 2014-02-12 17:30:20.000000000 +0100
@@ -1,7 +1,7 @@
# encoding: utf-8
# File: clients/auth-server.rb
-# Package: Configuration of ldap-server
+# Package: Configuration of auth-server
# Summary: Main file
# Authors: Andreas Bauer
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/clients/auth-server_auto.rb new/yast2-auth-server-3.1.3/src/clients/auth-server_auto.rb
--- old/yast2-auth-server-3.1.2/src/clients/auth-server_auto.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/clients/auth-server_auto.rb 2014-02-12 17:30:20.000000000 +0100
@@ -93,7 +93,7 @@
end
Builtins.y2debug("ret=%1", @ret)
- Builtins.y2milestone("LdapServer auto finished")
+ Builtins.y2milestone("AuthServer auto finished")
Builtins.y2milestone("----------------------------------------")
deep_copy(@ret)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/clients/openldap-mirrormode.rb new/yast2-auth-server-3.1.3/src/clients/openldap-mirrormode.rb
--- old/yast2-auth-server-3.1.2/src/clients/openldap-mirrormode.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/clients/openldap-mirrormode.rb 2014-02-12 17:30:20.000000000 +0100
@@ -17,6 +17,8 @@
textdomain "auth-server"
+ Yast.import "AuthServer"
+
# The main ()
Builtins.y2milestone("----------------------------------------")
Builtins.y2milestone("OpenLDAP MirrorMode module started")
@@ -35,8 +37,8 @@
"Configuration of OpenLDAP MirrorMode replication"
),
"guihandler" => fun_ref(method(:MirrorModeSequence), "any ()"),
- "initialize" => fun_ref(LdapServer.method(:Read), "boolean ()"),
- "finish" => fun_ref(LdapServer.method(:Write), "boolean ()")
+ "initialize" => fun_ref(AuthServer.method(:Read), "boolean ()"),
+ "finish" => fun_ref(AuthServer.method(:Write), "boolean ()")
}
# main ui function
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/desktop/auth-server.desktop new/yast2-auth-server-3.1.3/src/desktop/auth-server.desktop
--- old/yast2-auth-server-3.1.2/src/desktop/auth-server.desktop 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/desktop/auth-server.desktop 2014-02-12 17:30:20.000000000 +0100
@@ -5,7 +5,7 @@
X-KDE-ModuleType=Library
X-KDE-HasReadOnlyMode=true
X-KDE-Library=yast2
-X-SuSE-YaST-Call=ldap-server
+X-SuSE-YaST-Call=auth-server
X-SuSE-YaST-Group=Net_advanced
X-SuSE-YaST-Argument=
@@ -18,7 +18,7 @@
X-SuSE-YaST-AutoInstRequires=lan,ca_mgm
X-SuSE-YaST-AutoInstSchema=auth-server.rnc
-Icon=yast-auth-server
+Icon=yast-ldap-server
Exec=xdg-su -c "/sbin/yast2 auth-server"
Name=Authentication Server
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/include/auth-server/complex.rb new/yast2-auth-server-3.1.3/src/include/auth-server/complex.rb
--- old/yast2-auth-server-3.1.2/src/include/auth-server/complex.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/include/auth-server/complex.rb 2014-02-12 17:30:20.000000000 +0100
@@ -16,8 +16,6 @@
Yast.import "Label"
Yast.import "Popup"
Yast.import "Wizard"
- #Yast.import "LdapServer"
- #Yast.import "KerberosServer"
Yast.import "AuthServer"
Yast.import "Package"
Yast.import "Service"
@@ -197,7 +195,7 @@
def DoMigration
AuthServer.UseLdapiForConfig(true)
if !AuthServer.MigrateSlapdConf
- Builtins.y2milestone("LdapServer::MigrateSlapdConf failed")
+ Builtins.y2milestone("AuthServer::MigrateSlapdConf failed")
DisplayError(AuthServer.ReadError)
return :abort
end
@@ -223,7 +221,6 @@
DisplayError(AuthServer.ReadError)
return :abort
end
- # ret = LdapServer::WritePPolicyObjects();
ret ? :next : :abort
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/include/auth-server/dialogs.rb new/yast2-auth-server-3.1.3/src/include/auth-server/dialogs.rb
--- old/yast2-auth-server-3.1.2/src/include/auth-server/dialogs.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/include/auth-server/dialogs.rb 2014-02-12 17:30:20.000000000 +0100
@@ -179,7 +179,7 @@
else
Builtins.y2error(
Builtins.sformat(
- "LdapServer Module: illegal handler '%1' for item '%2'",
+ "AuthServer Module: illegal handler '%1' for item '%2'",
handler,
item
)
@@ -586,7 +586,6 @@
UI.SetFocus(Id(:pw1))
next
end
- AuthServer.AddKerberosEntries
end
break
@@ -697,7 +696,7 @@
ret = Convert.to_symbol(UI.UserInput)
if ret == :abort || ret == :cancel
- if ReallyAbort()
+ if Popup.ReallyAbort(true)
break
else
next
@@ -909,7 +908,7 @@
Report.Error(
Ops.add(
Ops.add(
- "LdapServer Module: illegal input handler for item '",
+ "AuthServer Module: illegal input handler for item '",
@current_tree_item
),
"'"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/include/auth-server/tree_structure.rb new/yast2-auth-server-3.1.3/src/include/auth-server/tree_structure.rb
--- old/yast2-auth-server-3.1.2/src/include/auth-server/tree_structure.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/include/auth-server/tree_structure.rb 2014-02-12 17:30:20.000000000 +0100
@@ -162,6 +162,9 @@
def cb_read_daemon
Builtins.y2milestone("calling read handler for item \"daemon\"")
enabled = AuthServer.ReadServiceEnabled
+ kerberos = AuthServer.ReadKerberosEnabled
+ Builtins.y2milestone("openldap is: '%1'", enabled)
+ Builtins.y2milestone("kerberos is: '%1'", kerberos)
CWMFirewallInterfaces.OpenFirewallInit(@fw_widget, "")
if enabled
UI.ChangeWidget(:rb_service_enable, :CurrentButton, :rb_yes)
@@ -173,6 +176,10 @@
else
UI.ChangeWidget(:cb_register_slp, :Value, false)
end
+
+ krb_button = kerberos ? :rb_kerberos_yes : :rb_kerberos_no
+ UI.ChangeWidget(:rb_kerberos_enable, :CurrentButton, krb_button)
+
if AuthServer.ReadProtocolListenerEnabled("ldap")
UI.ChangeWidget(:cb_interface_ldap, :Value, true)
else
@@ -199,6 +206,9 @@
AuthServer.WriteServiceEnabled(false)
end
+ kerberosEnabled = UI.QueryWidget(Id(:rb_kerberos_enable), :CurrentButton)
+ AuthServer.WriteKerberosEnabled(kerberosEnabled == :rb_kerberos_yes)
+
AuthServer.WriteSLPEnabled(
Convert.to_boolean(UI.QueryWidget(Id(:cb_register_slp), :Value))
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/include/auth-server/widgets.rb new/yast2-auth-server-3.1.3/src/include/auth-server/widgets.rb
--- old/yast2-auth-server-3.1.2/src/include/auth-server/widgets.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/include/auth-server/widgets.rb 2014-02-12 17:30:20.000000000 +0100
@@ -12,12 +12,11 @@
textdomain "auth-server"
Yast.import "CWMFirewallInterfaces"
Yast.import "Label"
- Yast.import "Ldap"
Yast.import "Popup"
Yast.import "Wizard"
@firewall_settings = {
- "services" => ["service:openldap"],
+ "services" => ["service:openldap", "service:kdc", "service:kadmind"],
"display_details" => true
}
@@ -62,6 +61,29 @@
)
),
HStretch()
+ )
+ )
+ ),
+ VSpacing(),
+ VBox(
+ Frame(
+ _("&Start Kerberos Server"),
+ VBox(
+ RadioButtonGroup(
+ Id(:rb_kerberos_enable),
+ VBox(
+ Left(RadioButton(Id(:rb_kerberos_no), Opt(:notify), Label.NoButton)),
+ Left(
+ RadioButton(
+ Id(:rb_kerberos_yes),
+ Opt(:notify),
+ Label.YesButton,
+ true
+ )
+ )
+ )
+ ),
+ HStretch()
)
)
),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/include/auth-server/wizards.rb new/yast2-auth-server-3.1.3/src/include/auth-server/wizards.rb
--- old/yast2-auth-server-3.1.2/src/include/auth-server/wizards.rb 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/include/auth-server/wizards.rb 2014-02-12 17:30:20.000000000 +0100
@@ -97,6 +97,11 @@
:advanced => "kerberos_adv",
:abort => :abort
},
+ "kerberos_adv" => {
+ :abort => :abort,
+ :next => "kerberos",
+ :back => "kerberos"
+ },
"mastersetup" => { :next => :next, :abort => :abort }
}
@@ -166,6 +171,11 @@
:next => "summary",
:advanced => "kerberos_adv"
},
+ "kerberos_adv" => {
+ :abort => :abort,
+ :next => "kerberos",
+ :back => "kerberos"
+ },
"mastersetup" => { :next => "summary", :abort => :abort },
"summary" => {
:next => "write",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/modules/AuthServer.pm new/yast2-auth-server-3.1.3/src/modules/AuthServer.pm
--- old/yast2-auth-server-3.1.2/src/modules/AuthServer.pm 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/modules/AuthServer.pm 2014-02-12 17:30:20.000000000 +0100
@@ -1,5 +1,5 @@
#! /usr/bin/perl -w
-# File: modules/LdapServer.pm
+# File: modules/AuthServer.pm
# Package: Configuration of ldap-server
# Summary: LdapServer settings, input and output functions
# Authors: Ralf Haferkamp , Andreas Bauer
@@ -147,6 +147,20 @@
]
}
];
+my $krb5acl = [
+ {
+ 'target' => {
+ 'attrs' => "krbPrincipalKey,krbExtraData"
+ },
+ 'access' => [
+ {
+ 'level' => 'none',
+ 'type' => '*'
+ }
+ ]
+ }
+ ];
+
my $defaultIndexes = [
{ "name" => "objectclass",
"eq" => YaST::YCP::Boolean(1)
@@ -278,18 +292,12 @@
Progress->New(_("Initializing Authentication Server Configuration"), " ", 3, $progressItems, $progressItems, "");
Progress->NextStage();
- my $serviceInfo = Service->FullInfo("ldap");
- y2milestone("Serviceinfo ldap: ". Data::Dumper->Dump([$serviceInfo]));
- my $isRunning = ( defined $serviceInfo->{"started"}) && ($serviceInfo->{"started"} == 0); # 0 == "running"
- my $isEnabled = scalar(@{$serviceInfo->{"start"}}) > 0;
- $serviceEnabled = $isEnabled;
- $serviceRunning = $isRunning;
-
- $serviceInfo = Service->FullInfo("krb5kdc");
- y2milestone("Serviceinfo krb5: ". Data::Dumper->Dump([$serviceInfo]));
- $kerberosEnabled = scalar(@{$serviceInfo->{"start"}}) > 0;
+ $serviceEnabled = Service->Enabled("slapd");
+ $serviceRunning = Service->Status("slapd") == 0;
+
+ $kerberosEnabled = Service->Enabled("krb5kdc");
- y2milestone("ldap IsRunning: " . $isRunning . " ldap IsEnabled: " . $isEnabled . " krb5 IsEnabled: " . $kerberosEnabled);
+ y2milestone("ldap Running: " . $serviceRunning . " ldap Enabled: " . $serviceEnabled . " krb5 Enabled: " . $kerberosEnabled);
$use_ldapi_listener = ( "yes" eq SCR->Read('.sysconfig.openldap.OPENLDAP_START_LDAPI') );
$ldapi_interfaces = SCR->Read('.sysconfig.openldap.OPENLDAP_LDAPI_INTERFACES');
@@ -309,7 +317,7 @@
if ( $configBackend eq "ldap" )
{
$usesBackConfig = 1;
- if ( $isRunning )
+ if ( $serviceRunning )
{
# assume a changed config as we don't ship a default for back-config
$slapdConfChanged = 1;
@@ -742,29 +750,23 @@
my $uriParts = URL->Parse($ldapdb->{ldap_servers});
- if($uriParts->{scheme} eq "ldapi")
+ if($uriParts->{scheme} eq "ldapi" || $uriParts->{scheme} eq "ldaps" || $uriParts->{scheme} eq "ldap")
{
# local ldap server; use hostname and domain
$ldapMap->{ldap_servers} = $self->ReadHostnameFQ(); # == ldap server IP address or name
}
- elsif(($uriParts->{scheme} eq "ldaps" || $uriParts->{scheme} eq "ldap") && $uriParts->{host} ne "")
- {
- # local ldap server; use hostname and domain
- $ldapMap->{ldap_servers} = $uriParts->{host}; # == ldap server IP address or name
- $ldapMap->{ldap_port} = $uriParts->{port};
- }
- else
- {
- y2error("Wrong LDAP URI: scheme ".$uriParts->{scheme}." not allowed");
- $self->SetError(_("Invalid LDAP URI scheme."), $uriParts->{scheme}." is not allowed.");
- return 0;
- }
-
- if(!exists $ldapMap->{ldap_port} || !defined $ldapMap->{ldap_port} || $ldapMap->{ldap_port} eq "")
- {
- # ldaps on 636 is not supported by the ldap agent
- $ldapMap->{ldap_port} = 389;
- }
+ else
+ {
+ y2error("Wrong LDAP URI: scheme ".$uriParts->{scheme}." not allowed");
+ $self->SetError(_("Invalid LDAP URI scheme."), $uriParts->{scheme}." is not allowed.");
+ return 0;
+ }
+
+ if(!exists $ldapMap->{ldap_port} || !defined $ldapMap->{ldap_port} || $ldapMap->{ldap_port} eq "")
+ {
+ # ldaps on 636 is not supported by the ldap agent
+ $ldapMap->{ldap_port} = 389;
+ }
}
if (! SCR->Execute(".ldap", {"hostname" => $ldapMap->{'ldap_servers'},
@@ -1075,12 +1077,12 @@
}
}
- if(Service->Status("krb5kdc") == 0 && getServiceEnabled())
+ if(Service->Status("krb5kdc") == 0 && $self->ReadKerberosEnabled())
{
Service->Adjust("krb5kdc", "enable");
Service->RunInitScript ("krb5kdc", "restart");
}
- elsif(getServiceEnabled())
+ elsif($self->ReadKerberosEnabled())
{
Service->Adjust("krb5kdc", "enable");
Service->RunInitScript ("krb5kdc", "start");
@@ -1091,12 +1093,12 @@
Service->RunInitScript ("krb5kdc", "stop");
}
- if(Service->Status("kadmind") == 0 && getServiceEnabled())
+ if(Service->Status("kadmind") == 0 && $self->ReadKerberosEnabled())
{
Service->Adjust("kadmind", "enable");
Service->RunInitScript ("kadmind", "restart");
}
- elsif(getServiceEnabled())
+ elsif($self->ReadKerberosEnabled())
{
Service->Adjust("kadmind", "enable");
Service->RunInitScript ("kadmind", "start");
@@ -1445,7 +1447,7 @@
SCR->Write('.sysconfig.openldap.OPENLDAP_START_LDAPS', 'no');
}
SuSEFirewall->Write();
- my $wasEnabled = Service->Enabled("ldap");
+ my $wasEnabled = Service->Enabled("slapd");
if ( !$wasEnabled && $serviceEnabled )
{
# service was disabled during this session, just disable the service
@@ -1455,9 +1457,9 @@
];
Progress->New(_("Activating OpenLDAP Server"), "", 2, $progressItems, $progressItems, "");
Progress->NextStage();
- Service->Enable("ldap");
+ Service->Enable("slapd");
Progress->NextStage();
- Service->Start("ldap");
+ Service->Start("slapd");
Progress->Finish();
return 0;
}
@@ -1466,7 +1468,23 @@
my $progressItems = [_("Starting LDAP Server") ];
Progress->New(_("Restarting OpenLDAP Server"), "", 1, $progressItems, $progressItems, "");
Progress->NextStage();
- Service->Start("ldap");
+ Service->Start("slapd");
+ Progress->Finish();
+ return 0;
+ }
+ my $kerberosWasEnabled = Service->Enabled("krb5kdc");
+ if ( !$wasEnabled && $kerberosEnabled )
+ {
+ my $progressItems = [ _("Enabling Kerberos Server"),
+ _("Starting Kerberos Server")
+ ];
+ Progress->New(_("Activating Kerberos Server"), "", 2, $progressItems, $progressItems, "");
+ Progress->NextStage();
+ Service->Enable("krb5kdc");
+ Service->Enable("kadmind");
+ Progress->NextStage();
+ Service->Start("krb5kdc");
+ Service->Start("kadmind");
Progress->Finish();
return 0;
}
@@ -1496,7 +1514,7 @@
_("Starting OpenLDAP Server"),
_("Creating Base Objects"),
_("Saving Kerberos Configuration") ];
- Progress->New(_("Writing OpenLDAP Server Configuration"), "", 6, $progressItems, $progressItems, "");
+ Progress->New(_("Writing Auth Server Configuration"), "", 6, $progressItems, $progressItems, "");
Progress->NextStage();
@@ -1590,7 +1608,7 @@
}
Progress->NextStage();
- $rc = Service->Enable("ldap");
+ $rc = Service->Enable("slapd");
if ( ! $rc )
{
y2error("Error while enabing the LDAP Service: ". Service->Error() );
@@ -1606,7 +1624,7 @@
{
SCR->Write('.sysconfig.openldap.OPENLDAP_START_LDAPS', 'no');
}
- $rc = Service->Restart("ldap");
+ $rc = Service->Restart("slapd");
if (! $rc )
{
y2error("Error while starting the LDAP service");
@@ -1622,6 +1640,8 @@
["localhost"]);
SCR->Write(".etc.ldap_conf.value.\"/etc/openldap/ldap.conf\".base",
[$ldapconf_base]);
+ SCR->Write(".etc.ldap_conf.value.\"/etc/openldap/ldap.conf\".binddn",
+ [$dbDefaults{'rootdn'}]);
my $tls = $self->ReadTlsConfig();
if ( ref($tls) eq "HASH" && $tls->{'caCertFile'} ne "" )
{
@@ -1665,7 +1685,7 @@
Progress->Finish();
SuSEFirewall->Write();
} else {
- my $wasEnabled = Service->Enabled("ldap");
+ my $wasEnabled = Service->Enabled("slapd");
if ( $wasEnabled && !$serviceEnabled )
{
# service was disabled during this session, just disable the service
@@ -1675,16 +1695,41 @@
];
Progress->New(_("De-activating OpenLDAP Server"), "", 2, $progressItems, $progressItems, "");
Progress->NextStage();
- Service->Disable("ldap");
+ Service->Disable("slapd");
Progress->NextStage();
- Service->Stop("ldap");
+ Service->Stop("slapd");
Progress->Finish();
return 1;
}
if ( ! $wasEnabled && $serviceEnabled )
{
- Service->Enable("ldap");
- Service->Start("ldap");
+ Service->Enable("slapd");
+ Service->Start("slapd");
+ }
+ my $kerberosWasEnabled = Service->Enabled("krb5kdc");
+ if ( $kerberosWasEnabled && !$kerberosEnabled )
+ {
+ # service was disabled during this session, just disable the service
+ # in the system, stop it and ignore any configuration changes.
+ my $progressItems = [ _("Stopping Kerberos Server"),
+ _("Disabling Kerberos Server")
+ ];
+ Progress->New(_("De-activating Kerberos Server"), "", 2, $progressItems, $progressItems, "");
+ Progress->NextStage();
+ Service->Disable("krb5kdc");
+ Service->Disable("kadmind");
+ Progress->NextStage();
+ Service->Stop("krb5kdc");
+ Service->Stop("kadmind");
+ Progress->Finish();
+ return 1;
+ }
+ if ( ! $kerberosWasEnabled && $kerberosEnabled )
+ {
+ Service->Enable("krb5kdc");
+ Service->Enable("kadmind");
+ Service->Start("krb5kdc");
+ Service->Start("kadmind");
}
my $progressItems = [ _("Writing Sysconfig files"),
_("Applying changes to Configuration Database"),
@@ -1695,7 +1740,7 @@
_("Restarting OpenLDAP Server if required"),
];
- Progress->New(_("Writing OpenLDAP Configuration"), "", 7, $progressItems, $progressItems, "");
+ Progress->New(_("Writing AuthServer Configuration"), "", 7, $progressItems, $progressItems, "");
Progress->NextStage();
# these changes require a restart of slapd
@@ -1787,6 +1832,8 @@
["localhost"]);
SCR->Write(".etc.ldap_conf.value.\"/etc/openldap/ldap.conf\".base",
[$ldapconf_base]);
+ SCR->Write(".etc.ldap_conf.value.\"/etc/openldap/ldap.conf\".binddn",
+ [$dbDefaults{'rootdn'}]);
y2milestone("Updated /etc/openldap/ldap.conf");
}
Progress->NextStage();
@@ -1821,7 +1868,7 @@
}
y2milestone("background tasks completed");
Progress->NextStage();
- Service->Restart("ldap");
+ Service->Restart("slapd");
}
else
{
@@ -1853,7 +1900,7 @@
$usingDefaults = 1;
$overwriteConfig = 0;
$self->WriteServiceEnabled( 0 );
- y2milestone("Wrong/empty ldap-server profile");
+ y2milestone("Wrong/empty auth-server profile");
return 0;
}
@@ -2457,7 +2504,7 @@
# Explicit cache flush, see bnc#350581 for details
SCR->Write(".sysconfig.openldap", undef);
Progress->NextStage();
- $rc = Service->Restart("ldap");
+ $rc = Service->Restart("slapd");
if (! $rc )
{
y2error("Error while starting the LDAP service");
@@ -2650,6 +2697,17 @@
return $rc;
}
+ if ( $self->ReadKerberosEnabled() )
+ {
+ $rc = SCR->Write(".ldapserver.schema.addFromSchemafile", "/usr/share/doc/packages/krb5/kerberos.schema");
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+ }
+
if ( ! defined SCR->Read(".target.dir", $database->{directory}) ) {
my $ret = SCR->Execute(".target.bash", "mkdir -m 0700 -p ".$database->{directory});
if( ( $ret ) && ( ! defined SCR->Read(".target.dir", $database->{directory}) ) ) {
@@ -2675,6 +2733,10 @@
$self->ChangeDatabaseIndex(1, $idx );
}
}
+ if ( $self->ReadKerberosEnabled() )
+ {
+ $self->ChangeDatabaseIndex(1, {"name" => "krbPrincipalName", "eq" => 1} );
+ }
$self->WriteLdapConfBase($database->{'suffix'});
if ( defined $dbDefaults{'configpw'} && $dbDefaults{'configpw'} ne "" )
@@ -2766,6 +2828,10 @@
# add default ACLs
$rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls );
$rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls );
+ if ( $self->ReadKerberosEnabled() )
+ {
+ $rc = SCR->Write(".ldapserver.database.{1}.acl", $krb5acl );
+ }
push @added_databases, $dbDefaults{'suffix'};
$self->WriteAuthInfo( $dbDefaults{'suffix'},
{ bind_dn => $dbDefaults{'rootdn'},
@@ -3141,73 +3207,6 @@
$ldapdb->{$key} = $val;
}
-BEGIN { $TYPEINFO {AddKerberosEntries} = ["function", "boolean"]; }
-sub AddKerberosEntries
-{
- my $ret = 0;
- my $self = shift;
-
- y2milestone("AddKerberosEntries");
-
- if(! -e "/usr/share/doc/packages/krb5/kerberos.schema")
- {
- y2error("Kerberos schema file not found");
- $self->SetError( _('Kerberos schema file not found.'), "/usr/share/doc/packages/krb5/kerberos.schema not found.");
- return 0;
- }
-
- $ret = $self->AddSchemaToSchemaList("/usr/share/doc/packages/krb5/kerberos.schema");
- if(! $ret)
- {
- y2error("AddKerberosEntries => AddSchemaToSchemaList call failed");
- return 0;
- }
-
- $ret = $self->ChangeDatabaseIndex(1, {name => "krbPrincipalName", eq => 1});
- if(! $ret)
- {
- y2error("AddKerberosEntries => ChangeDatabaseIndex call failed");
- return 0;
- }
-
- my $ldapacls = $self->ReadDatabaseAcl(1);
- my $found = 0;
- foreach my $acl (@{$ldapacls})
- {
- if(exists $acl->{target}->{attrs} && defined $acl->{target}->{attrs} &&
- $acl->{target}->{attrs} =~ /krbPrincipalKey/i)
- {
- $found = 1;
- last;
- }
- }
-
- if(!$found)
- {
- my $krb5acl = {
- 'target' => {
- 'attrs' => "krbPrincipalKey,krbExtraData"
- },
- 'access' => [
- {
- 'level' => 'none',
- 'type' => '*'
- }
- ]
- };
- unshift @{$ldapacls}, $krb5acl;
-
- $ret = $self->ChangeDatabaseAcl(1, $ldapacls);
- if(! $ret)
- {
- y2error("AddKerberosEntries => ChangeDatabaseAcl call failed");
- return 0;
- }
- }
-
- return 1;
-}
-
BEGIN { $TYPEINFO{ReadDefaultLdapValues} = ["function", "void"]; }
sub ReadDefaultLdapValues
{
@@ -3261,7 +3260,7 @@
}
else
{
- $ldapdb->{ldap_kdc_dn} = "cn=Administrator,".$ldapbasedn;
+ $ldapdb->{ldap_kdc_dn} = $dbDefaults{'rootdn'};
}
}
@@ -3273,7 +3272,7 @@
}
else
{
- $ldapdb->{ldap_kadmind_dn} = "cn=Administrator,".$ldapbasedn;
+ $ldapdb->{ldap_kadmind_dn} = $dbDefaults{'rootdn'};
}
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.2/src/modules/YaPI/LdapServer.pm new/yast2-auth-server-3.1.3/src/modules/YaPI/LdapServer.pm
--- old/yast2-auth-server-3.1.2/src/modules/YaPI/LdapServer.pm 2014-02-05 14:37:16.000000000 +0100
+++ new/yast2-auth-server-3.1.3/src/modules/YaPI/LdapServer.pm 2014-02-12 17:30:20.000000000 +0100
@@ -1502,9 +1502,9 @@
my $enable = shift;
if( $enable ) {
- Service->Adjust( "ldap", "enable" );
+ Service->Adjust( "slapd", "enable" );
} else {
- Service->Adjust( "ldap", "disable" );
+ Service->Adjust( "slapd", "disable" );
}
return 1;
}
@@ -1528,14 +1528,14 @@
my $ret = undef;
if( $enable ) {
- $ret = Service->RunInitScript( "ldap", "restart");
+ $ret = Service->RunInitScript( "slapd", "restart");
if(! defined $ret || $ret != 0) {
return $self->SetError(summary => __("Cannot restart the service."),
description => "LDAP restart failed ($ret)",
code => "SERVICE_RESTART_FAILED");
}
} else {
- $ret = Service->RunInitScript( "ldap", "stop" );
+ $ret = Service->RunInitScript( "slapd", "stop" );
if(! defined $ret || $ret != 0) {
return $self->SetError(summary => __("Cannot stop the service."),
description => "LDAP stop failed ($ret)",
@@ -1559,7 +1559,7 @@
BEGIN { $TYPEINFO{ReadService} = ["function", "boolean"]; }
sub ReadService {
my $self = shift;
- return Service->Enabled('ldap');
+ return Service->Enabled('slapd');
}
=item *
continue with "q"...
Checked in at Wed Feb 12 17:59:23 CET 2014 by ro
Remember to have fun...
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org