Author: rhafer Date: Thu Feb 28 11:13:47 2008 New Revision: 45097

URL: http://svn.opensuse.org/viewcvs/yast?rev=45097&view=rev Log: Check for existing "shadowAccount" Objects when enabling password policies and warn the user (bnc#364833)

Modified: branches/SuSE-SLE-10-SP1-Branch/ldap-server/VERSION branches/SuSE-SLE-10-SP1-Branch/ldap-server/package/yast2-ldap-server.changes branches/SuSE-SLE-10-SP1-Branch/ldap-server/src/tree_structure.ycp

Modified: branches/SuSE-SLE-10-SP1-Branch/ldap-server/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP1-Branch/ldap-se... ============================================================================== --- branches/SuSE-SLE-10-SP1-Branch/ldap-server/VERSION (original) +++ branches/SuSE-SLE-10-SP1-Branch/ldap-server/VERSION Thu Feb 28 11:13:47 2008 @@ -1 +1 @@ -2.13.23 +2.13.24

Modified: branches/SuSE-SLE-10-SP1-Branch/ldap-server/package/yast2-ldap-server.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP1-Branch/ldap-se... ============================================================================== --- branches/SuSE-SLE-10-SP1-Branch/ldap-server/package/yast2-ldap-server.changes (original) +++ branches/SuSE-SLE-10-SP1-Branch/ldap-server/package/yast2-ldap-server.changes Thu Feb 28 11:13:47 2008 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Thu Feb 28 08:55:10 CET 2008 - rhafer@suse.de + +- Check for existing "shadowAccount" Objects when enabling password + policies and warn the user (bnc#364833) + +------------------------------------------------------------------- Wed Apr 11 10:50:25 CEST 2007 - rhafer@suse.de

- Keep Firewall-Settings when switching to configuration Dialog (Bug

Modified: branches/SuSE-SLE-10-SP1-Branch/ldap-server/src/tree_structure.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-SLE-10-SP1-Branch/ldap-se... ============================================================================== --- branches/SuSE-SLE-10-SP1-Branch/ldap-server/src/tree_structure.ycp (original) +++ branches/SuSE-SLE-10-SP1-Branch/ldap-server/src/tree_structure.ycp Thu Feb 28 11:13:47 2008 @@ -954,10 +954,42 @@

define boolean cb_input_db() ``{ - string suffix = current_tree_item; + string suffix = (string)widget_map[current_tree_item,"name"]:nil; y2milestone( "calling db input handler for suffix '%1'", suffix ); if ( handler_cmd == `cb_ppolicy_overlay ) { if ( UI::QueryWidget( `cb_ppolicy_overlay, `Value ) == true ) { + // Check if the Database has "shadowAccount" Objects and warn + // about possible conflicts + if ( (boolean) SCR::Execute(.ldap, + $[ "hostname":"localhost", "port": 389, "use_tls": "try" ] ) ) + { + y2milestone("checking for existing shadow account objects"); + list entries = (list)SCR::Read(.ldap.search, + $[ "base_dn" : suffix, + "filter" : "objectclass=shadowAccount", + "scope" : 2, + "attrsOnly" : true, + "attrs" : [], + "dn_only" : true ] ); + SCR::Execute(.ldap.unbind); + if ( size(entries) > 0 ) + { + if (! Popup::YesNo( _("The LDAP Database contains at least one "shadowAccount" object. +Using OpenLDAP's Password Policies and "shadowAccount" objects +together with pam_ldap can have unexpected effects, as they provide +overlapping functionality. +Do you really want to enable Password Policies?") ) ) + + { + UI::ChangeWidget( `cb_ppolicy_overlay, `Value, false ); + return true; + } + } else { + y2milestone("no shadow account objects found"); + } + } else { + y2milestone("failed to initialize LDAP connection while runnig ppolicy check"); + } UI::ChangeWidget( `cb_ppolicy_hashcleartext, `Enabled , true ); UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , true ); UI::ChangeWidget( `te_ppolicy_defaultpolicy, `Enabled , true );