Author: jsuchome
Date: Tue Dec 7 16:45:14 2010
New Revision: 62970
URL: http://svn.opensuse.org/viewcvs/yast?rev=62970&view=rev
Log:
- added support for SSSD (fate#308902)
- 2.20.1
Added:
trunk/ldap-client/agents/etc_sssd_conf.scr
Modified:
trunk/ldap-client/VERSION
trunk/ldap-client/agents/Makefile.am
trunk/ldap-client/package/yast2-ldap-client.changes
trunk/ldap-client/src/Ldap.ycp
trunk/ldap-client/src/ui.ycp
trunk/ldap-client/testsuite/tests/Export.out
Modified: trunk/ldap-client/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/VERSION?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/VERSION (original)
+++ trunk/ldap-client/VERSION Tue Dec 7 16:45:14 2010
@@ -1 +1 @@
-2.20.0
+2.20.1
Modified: trunk/ldap-client/agents/Makefile.am
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/agents/Makefile.am?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/agents/Makefile.am (original)
+++ trunk/ldap-client/agents/Makefile.am Tue Dec 7 16:45:14 2010
@@ -5,7 +5,8 @@
#
scrconf_DATA = ldap_conf.scr \
- cfg_ldap.scr
+ cfg_ldap.scr \
+ etc_sssd_conf.scr
fillup_DATA = sysconfig.ldap
Added: trunk/ldap-client/agents/etc_sssd_conf.scr
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/agents/etc_sssd_conf.scr?rev=62970&view=auto
==============================================================================
--- trunk/ldap-client/agents/etc_sssd_conf.scr (added)
+++ trunk/ldap-client/agents/etc_sssd_conf.scr Tue Dec 7 16:45:14 2010
@@ -0,0 +1,26 @@
+#
+
+.etc.sssd_conf
+
+`ag_ini(
+// `IniAgent("/etc/sssd/sssd.conf", $[ FIXME
+ `IniAgent("/tmp/sssd.conf", $[
+ "options" : [ "ignore_case_regexps", "line_can_continue"],
+ "comments": [
+ "^[ \t]*$", // empty line
+ "^[ \t]*[;#].*"
+ ],
+ "sections" : [
+ $[
+ "begin" : [ "^[ \t]*\\[[ \t]*(.*[^ \t])[ \t]*\\][ \t]*", "[%s]" ],
+ ]
+ ],
+ "params" : [
+ $[
+ "match" : [ "^[ \t]*([a-z0-9:_ ]*[a-z])[ \t]*=[ \t]*(.*[^ \t])[ \t]*$" , "%s = %s"],
+ ]
+ ]
+ ]
+ )
+)
+
Modified: trunk/ldap-client/package/yast2-ldap-client.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/package/yast2-ldap-client.changes?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/package/yast2-ldap-client.changes (original)
+++ trunk/ldap-client/package/yast2-ldap-client.changes Tue Dec 7 16:45:14 2010
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Mon Nov 29 15:54:01 CET 2010 - jsuchome@suse.cz
+
+- added support for SSSD (fate#308902)
+- 2.20.1
+
+-------------------------------------------------------------------
Wed Aug 18 09:37:58 CEST 2010 - jsuchome@suse.cz
- save certificate info to /etc/openldap/ldap.conf (bnc#629549)
Modified: trunk/ldap-client/src/Ldap.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/Ldap.ycp?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/src/Ldap.ycp (original)
+++ trunk/ldap-client/src/Ldap.ycp Tue Dec 7 16:45:14 2010
@@ -30,6 +30,7 @@
import "Report";
import "Service";
import "Stage";
+ import "String";
import "Summary";
/**
@@ -292,6 +293,18 @@
// map with modifications of Password Policies objects
global map ppolicies = $[];
+ // packages needed for pam_ldap/nss_ldap configuration
+ global list<string> pam_nss_packages = ["pam_ldap", "nss_ldap"];
+
+ // packages needed for sssd configuration
+ global list<string> sssd_packages = [ "sssd" ];
+
+ // if sssd is used instead of pam_ldap/nss_ldap (fate#308902)
+ global boolean sssd = true;
+
+ // enable/disable offline authentication ('cache_credentials' key)
+ global boolean sssd_cache_credentials = false;
+
//----------------------------------------------------------------
/**
@@ -367,7 +380,7 @@
if (start)
required_packages = (list<string>)
- union (required_packages, ["pam_ldap", "nss_ldap"]);
+ union (required_packages, sssd ? sssd_packages : pam_nss_packages);
return ($["install": required_packages, "remove": []]);
}
@@ -400,6 +413,7 @@
tls_cacertfile = settings ["tls_cacertfile"]:"";
tls_checkpeer = settings ["tls_checkpeer"]:"yes";
mkhomedir = settings ["mkhomedir"]:mkhomedir;
+ sssd = settings ["sssd"]:sssd;
if (_start_autofs)
required_packages = (list<string>) union (required_packages, ["autofs"]);
@@ -441,7 +455,8 @@
"member_attribute" : member_attribute,
"create_ldap" : create_ldap,
"login_enabled" : login_enabled,
- "mkhomedir" : mkhomedir
+ "mkhomedir" : mkhomedir,
+ "sssd" : sssd
];
if (tls_checkpeer != "yes")
e["tls_checkpeer"] = tls_checkpeer;
@@ -479,14 +494,15 @@
summary = Summary::AddHeader(summary, _("LDAP Server"));
summary = Summary::AddLine(summary,( server!="") ? server : Summary::NotConfigured());
// summary item
- summary = Summary::AddHeader(summary, _("LDAP Version 2"));
- // summary (LDAP version 2?)
- summary = Summary::AddLine(summary, (ldap_v2) ? _("Yes") : Summary::NotConfigured());
- // summary item
summary = Summary::AddHeader(summary, _("LDAP TLS/SSL"));
// summary (use TLS?)
summary = Summary::AddLine(summary, (ldap_tls) ? _("Yes") : Summary::NotConfigured());
+ // summary item
+ summary = Summary::AddHeader(summary, _("System Security Services Daemon (SSSD) Set"));
+ // summary (LDAP version 2?)
+ summary = Summary::AddLine(summary, (sssd && start) ? _("Yes") : Summary::NotConfigured());
+
return summary;
}
@@ -515,6 +531,11 @@
// summary
summary = summary + "<br>" + _("LDAP TLS/SSL Configured");
}
+ if (start && sssd)
+ {
+ // summary
+ summary = summary + "<br>" + _("System Security Services Daemon (SSSD) Set");
+ }
return summary;
}
@@ -637,11 +658,29 @@
nsswitch[db] = Nsswitch::ReadDb (db);
});
+ // 'start' means that LDAP is present in nsswitch somehow... either as 'compat'/'ldap'...
start = contains (nsswitch["passwd"]:[], "ldap") ||
(contains (nsswitch["passwd"]:[], "compat") &&
contains (nsswitch["passwd_compat"]:[], "ldap")) ||
(oes && contains (nsswitch["passwd"]:[], "nam"));
+ if (start)
+ {
+ // nss_ldap is used
+ sssd = false;
+ }
+ else
+ {
+ // ... or as 'sssd'
+ start = contains (nsswitch["passwd"]:[], "sssd");
+ }
+
+ // nothing is configured, but some packages are installed
+ if (!start && Package::InstalledAll (pam_nss_packages) && !Package::InstalledAll (sssd_packages))
+ {
+ sssd = false;
+ }
+
old_start = start;
nis_available = contains (nsswitch["passwd"]:[], "nis") ||
@@ -774,6 +813,7 @@
Autologin::Read ();
+
// Now check if previous configuration of LDAP server didn't proposed
// some better values:
if (Stage::cont ())
@@ -1900,6 +1940,83 @@
return write_openldap_conf;
}
+ /**
+ * Write updated /etc/sssd/sssd.conf file
+ */
+ global boolean WriteSSSDConfig () {
+
+ list<string> sections = SCR::Dir (.etc.sssd_conf.section);
+
+ SCR::Write (.etc.sssd_conf.v.sssd.domains, "default");
+
+
+ // "The "services" setting should have the value "nss, pam"
+ SCR::Write (.etc.sssd_conf.v.sssd.services, "nss,pam");
+
+ // " Make sure that "filter_groups" and "filter_users" in the "[nss]" section contains "root".
+ string f_g = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_groups);
+ list<string> l = (list<string>) union (splitstring (f_g, ","), ["root"]);
+ SCR::Write (.etc.sssd_conf.v.nss.filter_groups, mergestring (l, ","));
+
+ string f_u = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_users);
+ l = (list<string>) union (splitstring (f_u, ","), ["root"]);
+ SCR::Write (.etc.sssd_conf.v.nss.filter_users, mergestring (l, ","));
+
+ path domain = add (.etc.sssd_conf.v, "domain/default");
+
+ string uri = sformat ("ldap%1://%2", ldap_tls ? "s" : "", String::FirstChunk (server, " \t"));
+ SCR::Write (add (domain, "ldap_uri"), uri);
+ SCR::Write (add (domain, "ldap_search_base"), base_dn);
+ SCR::Write (add (domain, "ldap_schema"), "rfc2307bis");
+ SCR::Write (add (domain, "id_provider"), "ldap");
+ SCR::Write (add (domain, "ldap_user_uuid"), "entryuuid");
+ SCR::Write (add (domain, "ldap_group_uuid"), "entryuuid");
+
+ SCR::Write (add (domain, "ldap_id_use_start_tls"), ldap_tls ? "True" : "False");
+ SCR::Write (add (domain, "cache_credentials"), sssd_cache_credentials ? "True" : "False");
+ SCR::Write (add (domain, "ldap_tls_cacertdir"), tls_cacertdir == "" ? nil : tls_cacertdir);
+ SCR::Write (add (domain, "ldap_tls_cacert"), tls_cacertfile == "" ? nil : tls_cacertfile);
+
+ if (!contains (sections, "domain/default"))
+ {
+ SCR::Write (add (.etc.sssd_conf.section_comment, "domain/default"), "\n# Section created by YaST\n");
+ }
+
+ // In a mixed Kerberos/LDAP setup the following changes are needed in the [domain/default] section:
+ if (Pam::Enabled("krb5"))
+ {
+ SCR::Write (add (domain, "auth_provider"), "krb5");
+ SCR::Write (add (domain, "chpass_provider"), "krb5");
+ /*
+ FIXME how to read krb settings:
+ a) use agent directly (moved out from yast2-kerberos-client)
+ b) use Read + Export of Kerberos.ycp
+
+ * Set "krb5_kdcip" to the hostname of the kerberos kdc
+ * Set "krb5_realm" to kerberos realm
+ */
+ if (Package::Installed ("yast2-kerberos-client"))
+ {
+ WFM::CallFunction ("kerberos-client_auto", ["Read"]);
+ any e = WFM::CallFunction ("kerberos-client_auto",["Export"]);
+ if (is (e,map) && e != $[])
+ {
+ map kerberos = (map) e;
+y2internal ("kerberos export map: %1", kerberos);
+ SCR::Write (add (domain, "krb5_realm"), kerberos["kerberos_client","default_domain"]:nil);
+ SCR::Write (add (domain, "krb5_kdcip"), kerberos["kerberos_client","kdc_server"]:nil);
+ }
+ }
+
+ }
+ else
+ {
+ SCR::Write (add (domain, "chpass_provider"), "ldap");
+ SCR::Write (add (domain, "auth_provider"), "ldap");
+ }
+
+ return true;
+ }
/**
* If a file does not + entry, add it.
@@ -2340,19 +2457,26 @@
AddLdapConfEntry ("pam_filter", "objectClass=posixAccount");
}
- // save the user and group bases
- user_base = base_dn;
- group_base = base_dn;
-
- WriteLdapConfEntry ("nss_base_passwd",
- (nss_base_passwd != base_dn && nss_base_passwd != "") ?
- nss_base_passwd : nil);
- WriteLdapConfEntry ("nss_base_shadow",
- (nss_base_shadow != base_dn && nss_base_shadow != "") ?
- nss_base_shadow : nil);
- WriteLdapConfEntry ("nss_base_group",
- (nss_base_group != base_dn && nss_base_group != "") ?
- nss_base_group : nil);
+ if (sssd)
+ {
+ WriteSSSDConfig ();
+ }
+ else
+ {
+ // save the user and group bases
+ user_base = base_dn;
+ group_base = base_dn;
+
+ WriteLdapConfEntry ("nss_base_passwd",
+ (nss_base_passwd != base_dn && nss_base_passwd != "") ?
+ nss_base_passwd : nil);
+ WriteLdapConfEntry ("nss_base_shadow",
+ (nss_base_shadow != base_dn && nss_base_shadow != "") ?
+ nss_base_shadow : nil);
+ WriteLdapConfEntry ("nss_base_group",
+ (nss_base_group != base_dn && nss_base_group != "") ?
+ nss_base_group : nil);
+ }
// default value is 'yes'
WriteLdapConfEntry ("tls_checkpeer", tls_checkpeer == "yes" ? nil : tls_checkpeer);
@@ -2376,38 +2500,52 @@
if (!oes)
{
- // pam settigs
- if (Pam::Enabled("krb5"))
+ if (sssd)
{
- // If kerberos is used for authentication we configure
- // pam_ldap in a way that we use only the account checking.
- // Other configuration would mess up password changing
- Pam::Add ("ldap-account_only");
+ Pam::Add ("sss");
+ // Add "sss" to the passwd and group databases in nsswitch.conf
+ Nsswitch::WriteDb ("passwd", (list<string>)
+ union (nsswitch["passwd"]:[], ["sss"]));
+ Nsswitch::WriteDb ("group", (list<string>)
+ union (nsswitch["group"]:[], ["sss"]));
}
else
{
- Pam::Add ("ldap");
- }
- // modify sources in /etc/nsswitch.conf
- Nsswitch::WriteDb ("passwd", ["compat"]);
- Nsswitch::WriteDb ("passwd_compat", (list<string>)
- union (nsswitch["passwd_compat"]:[], ["ldap"]));
+ // pam settigs
+ if (Pam::Enabled("krb5"))
+ {
+ // If kerberos is used for authentication we configure
+ // pam_ldap in a way that we use only the account checking.
+ // Other configuration would mess up password changing
+ Pam::Add ("ldap-account_only");
+ }
+ else
+ {
+ Pam::Add ("ldap");
+ }
- foreach (string db, ["services","netgroup","aliases"], {
- Nsswitch::WriteDb (db, ["files", "ldap"]);
- });
+ // modify sources in /etc/nsswitch.conf
+ Nsswitch::WriteDb ("passwd", ["compat"]);
+ Nsswitch::WriteDb ("passwd_compat", (list<string>)
+ union (nsswitch["passwd_compat"]:[], ["ldap"]));
+
+ foreach (string db, ["services","netgroup","aliases"], {
+ Nsswitch::WriteDb (db, ["files", "ldap"]);
+ });
- if (contains (nsswitch["group"]:[], "compat") &&
- contains (nsswitch["group_compat"]:[], "ldap"))
- {
- y2milestone ("group_compat present, not changing");
- }
- else
- {
- Nsswitch::WriteDb ("group", ["files", "ldap"]);
+ if (contains (nsswitch["group"]:[], "compat") &&
+ contains (nsswitch["group_compat"]:[], "ldap"))
+ {
+ y2milestone ("group_compat present, not changing");
+ }
+ else
+ {
+ Nsswitch::WriteDb ("group", ["files", "ldap"]);
+ }
}
Nsswitch::Write ();
+
}
Autologin::Write (write_only);
}
@@ -2417,18 +2555,17 @@
foreach (string db, [ "passwd", "group" ], ``{
string new_db = db+"_compat";
nsswitch [db] = filter (
- string v, nsswitch[db]:[], ``(v != "ldap"));
+ string v, nsswitch[db]:[], ``(v != "ldap" && v != "sss"));
if (nsswitch[db]:[] == [] || nsswitch[db]:[] == ["files"])
nsswitch [db] = ["compat"];
nsswitch [new_db] = filter (
- string v, nsswitch[new_db]:[], ``(v != "ldap"));
+ string v, nsswitch[new_db]:[], ``(v != "ldap" && v != "sss"));
Nsswitch::WriteDb (db, nsswitch[db]:["compat"]);
Nsswitch::WriteDb (new_db, nsswitch[new_db]:[]);
});
-
foreach (string db, ["services" ,"netgroup", "aliases" ], {
list<string> db_l = (list<string>) filter (
- string v, Nsswitch::ReadDb (db), ``(v != "ldap"));
+ string v, Nsswitch::ReadDb (db), ``(v != "ldap" && v != "sss"));
if (db_l == [])
db_l = ["files"];
Nsswitch::WriteDb (db, db_l);
@@ -2444,6 +2581,10 @@
{
Pam::Remove ("ldap-account_only");
}
+ if (Pam::Enabled ("sss"))
+ {
+ Pam::Remove ("sss");
+ }
}
@@ -2495,6 +2636,20 @@
if (!write_only)
{
+ if (sssd && start)
+ {
+ // enable the sssd daemon to be started at bootup
+ Service::Adjust ("sssd", "enable");
+ if (Service::Status ("sssd") == 0)
+ {
+ Service::Restart ("sssd");
+ }
+ else
+ {
+ Service::Start ("sssd");
+ }
+ }
+
if (Package::Installed ("nscd") && modified)
{
SCR::Execute (.target.bash, "/usr/sbin/nscd -i passwd");
@@ -2617,7 +2772,7 @@
block<boolean> abort = ``{ return false; };
- list<string> needed_packages = ["pam_ldap", "nss_ldap"];
+ list<string> needed_packages = sssd ? sssd_packages : pam_nss_packages;
if (_start_autofs && !Package::Installed("autofs"))
{
Modified: trunk/ldap-client/src/ui.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/src/ui.ycp?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/src/ui.ycp (original)
+++ trunk/ldap-client/src/ui.ycp Tue Dec 7 16:45:14 2010
@@ -226,11 +226,11 @@
string base_dn = Ldap::GetBaseDN ();
string server = Ldap::server;
- boolean ldap_tls = Ldap::ldap_tls;
+ boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used
string tls_checkpeer = Ldap::tls_checkpeer;
boolean login_enabled = Ldap::login_enabled;
string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
-
+ boolean sssd_cache_credentials = Ldap::sssd_cache_credentials;
boolean autofs = Ldap::_start_autofs;
term autofs_con = `Empty ();
if (Ldap::_autofs_allowed)
@@ -248,7 +248,7 @@
Ldap::_autofs_allowed ? `VSpacing (0) : `VSpacing (0.5),
`Left(`CheckBox(`id(`mkhomedir),
// checkbox label
- _("Create Home Directory on Login"), mkhomedir
+ _("C&reate Home Directory on Login"), mkhomedir
))
);
@@ -261,7 +261,7 @@
`Left(`HVSquash(`VBox (
`Left (`RadioButton(`id(`ldapno), `opt (`notify),
// radio button label
- _("Do N&ot Use LDAP"), !start)),
+ _("Do &Not Use LDAP"), !start)),
`Left(`RadioButton(`id(`ldapyes), `opt (`notify),
// radio button label
_("&Use LDAP"), start)),
@@ -304,12 +304,14 @@
// check box label
`Left (`CheckBox (`id(`ldaps), `opt (`notify), _("LDAP &TLS/SSL"), ldap_tls)),
// push button label
- `PushButton (`id(`import_cert), _("Download CA Certificate"))
+ `PushButton (`id(`import_cert), _("Do&wnload CA Certificate"))
),
`VSpacing (0.2)
), `HSpacing (0.5))),
autofs_con,
mkhomedir_term,
+ // check box label
+ `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD O&ffline Authentication"), sssd_cache_credentials)),
`VSpacing(0.4),
// pushbutton label
`PushButton (`id(`advanced), _("&Advanced Configuration..."))
@@ -329,6 +331,7 @@
UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " ");
UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls);
+ UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd);
symbol result = `not_next;
do {
@@ -341,7 +344,8 @@
server = (string) UI::QueryWidget(`id(`server), `Value);
ldap_tls = (boolean) UI::QueryWidget(`id(`ldaps), `Value);
mkhomedir = (boolean) UI::QueryWidget (`id(`mkhomedir),`Value);
-
+ sssd_cache_credentials =
+ (boolean) UI::QueryWidget (`id(`sssd_cache_credentials), `Value);
UI::ChangeWidget (`id(`import_cert), `Enabled, ldap_tls);
if (result == `slp)
@@ -501,7 +505,7 @@
}
}
- list<string> needed_packages = ["pam_ldap", "nss_ldap"];
+ list<string> needed_packages = Ldap::sssd ? Ldap::sssd_packages : Ldap::pam_nss_packages;
if (start && !Package::InstalledAll (needed_packages))
{
@@ -542,7 +546,8 @@
Ldap::server != server ||
Ldap::ldap_tls != ldap_tls || Ldap::_start_autofs != autofs ||
Ldap::login_enabled != login_enabled ||
- Ldap::mkhomedir != mkhomedir)
+ Ldap::mkhomedir != mkhomedir ||
+ Ldap::sssd_cache_credentials != sssd_cache_credentials)
{
if (result == `next)
{
@@ -597,6 +602,7 @@
Ldap::_start_autofs = autofs;
Ldap::login_enabled = login_enabled;
Ldap::mkhomedir = mkhomedir;
+ Ldap::sssd_cache_credentials = sssd_cache_credentials;
Ldap::modified = true;
}
}
@@ -698,6 +704,7 @@
boolean ldap_v2 = Ldap::ldap_v2;
string tls_cacertdir = Ldap::tls_cacertdir;
string tls_cacertfile = Ldap::tls_cacertfile;
+ boolean sssd = Ldap::sssd;
list<term>member_attributes = [
`item (`id("member"), "member", member_attribute == "member"),
@@ -818,6 +825,8 @@
term cont = `Top (`HBox(`HSpacing (5), `VBox(
`VSpacing(0.4),
+ `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem Security Services Daemon (SSSD)"), sssd)),
+ `VSpacing(0.4),
// frame label
`Frame (_("Naming Contexts"), `HBox(
`HSpacing (1), `VBox(
@@ -868,7 +877,7 @@
`VSpacing(0.4),
`HBox (
`HWeight (1, `HBox (
- `InputField (`id (`tls_cacertdir), `opt (`hstretch), _("Certificate Directory"),
+ `InputField (`id (`tls_cacertdir), `opt (`hstretch), _("Cer&tificate Directory"),
tls_cacertdir
),
`VBox (
@@ -877,7 +886,7 @@
`PushButton (`id(`br_tls_cacertdir), _("B&rowse"))
)
)), `HWeight (1, `HBox (
- `InputField (`id (`tls_cacertfile), `opt (`hstretch), _("CA Certificate File"),
+ `InputField (`id (`tls_cacertfile), `opt (`hstretch), _("CA Cert&ificate File"),
tls_cacertfile
),
`VBox (
@@ -894,6 +903,10 @@
UI::ReplaceWidget (`tabContents, cont);
if (has_tabs)
UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
+
+ foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
+ UI::ChangeWidget (`id (ui), `Enabled, UI::QueryWidget (`id (`sssd), `Value) == false);
+ });
}
define void set_admin_term () {
@@ -1049,6 +1062,13 @@
UI::ChangeWidget (`id(br2entry[result]:nil), `Value, dn);
}
}
+ if (result == `sssd)
+ {
+ sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
+ foreach (symbol ui, [ `nss_base_passwd, `nss_base_group, `nss_base_shadow, `br_passwd, `br_shadow, `br_group ], {
+ UI::ChangeWidget (`id (ui), `Enabled, !sssd);
+ });
+ }
if (result == `br_tls_cacertdir)
{
string dir = UI::AskForExistingDirectory (tls_cacertdir, _("Choose the directory with certificates"));
@@ -1233,7 +1253,8 @@
Ldap::nss_base_shadow != nss_base_shadow ||
Ldap::ldap_v2 != ldap_v2 ||
Ldap::tls_cacertdir != tls_cacertdir ||
- Ldap::tls_cacertfile != tls_cacertfile
+ Ldap::tls_cacertfile != tls_cacertfile ||
+ Ldap::sssd != sssd
)
{
Ldap::bind_dn = bind_dn;
@@ -1248,6 +1269,7 @@
Ldap::ldap_v2 = ldap_v2;
Ldap::tls_cacertdir = tls_cacertdir;
Ldap::tls_cacertfile = tls_cacertfile;
+ Ldap::sssd = sssd;
Ldap::modified = true;
}
break;
Modified: trunk/ldap-client/testsuite/tests/Export.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-client/testsuite/tests/Export.out?rev=62970&r1=62969&r2=62970&view=diff
==============================================================================
--- trunk/ldap-client/testsuite/tests/Export.out (original)
+++ trunk/ldap-client/testsuite/tests/Export.out Tue Dec 7 16:45:14 2010
@@ -18,4 +18,4 @@
Read .passwd.passwd.pluslines ["+"]
Return true
Dump ============================================
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldap_v2":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org