[yast-commit] [ci_new_pac] JFYI yast2-auth-server -> sle12
Script 'mail_helper' called by ro Hello packager, This is just FYI. Your package was checked in in distribution "sle12" by autobuild-member: ro. Here comes the log... ---------------------------%<------------------------------ Hi, here is the log from ci_new_pac /mounts/work_src_done/SLE12/yast2-auth-server -> sle12 Changes: -------- --- /work/SRC/SUSE:SLE-12:GA/yast2-auth-server/yast2-auth-server.changes 2014-02-14 14:03:06.000000000 +0100 +++ /mounts/work_src_done/SLE12/yast2-auth-server/yast2-auth-server.changes 2014-03-14 00:20:27.000000000 +0100 @@ -1,0 +2,8 @@ +Thu Mar 13 15:41:40 UTC 2014 - ckornacker@suse.com + +- kerberos: use ldapi for communication +- add SUSE objects to the database +- fix LDAP ACLs +- 3.1.5 + +------------------------------------------------------------------- @@ -12,0 +21,2 @@ + +------------------------------------------------------------------- calling whatdependson for sle12-i586 Packages directly triggered for rebuild: - yast2-auth-server - yast2-mail - yast2-schema ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/SUSE:SLE-12:GA/yast2-auth-server (Old) and /mounts/work_src_done/SLE12/yast2-auth-server (BS:build ID:34360 MAIL:yast-commit@opensuse.org) (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-auth-server", Maintainer is "yast-commit@opensuse.org" Old: ---- yast2-auth-server-3.1.4.tar.bz2 New: ---- yast2-auth-server-3.1.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-server.spec ++++++ --- /var/tmp/diff_new_pack.gR57Rw/_old 2014-03-14 11:49:37.000000000 +0100 +++ /var/tmp/diff_new_pack.gR57Rw/_new 2014-03-14 11:49:37.000000000 +0100 
@@ -17,7 +17,7 @@ Name: yast2-auth-server -Version: 3.1.4 +Version: 3.1.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-auth-server-3.1.4.tar.bz2 -> yast2-auth-server-3.1.5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.4/package/yast2-auth-server.changes new/yast2-auth-server-3.1.5/package/yast2-auth-server.changes --- old/yast2-auth-server-3.1.4/package/yast2-auth-server.changes 2014-02-14 13:30:14.000000000 +0100 +++ new/yast2-auth-server-3.1.5/package/yast2-auth-server.changes 2014-03-14 00:15:24.000000000 +0100 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Thu Mar 13 15:41:40 UTC 2014 - ckornacker@suse.com + +- kerberos: use ldapi for communication +- add SUSE objects to the database +- fix LDAP ACLs +- 3.1.5 + +------------------------------------------------------------------- Fri Feb 14 10:39:49 UTC 2014 - ckornacker@suse.com - adapt to ldap.conf SCR agent namechange @@ -11,6 +19,8 @@ - rename ldap-server.rnc autoyast profile to auth-server.rnc - replace deprecated Service calls +------------------------------------------------------------------- + Fri Jan 31 23:44:25 UTC 2014 - varkoly@suse.com - Fix the requirement yast2-ldap-client -> yast2-ldap diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.4/package/yast2-auth-server.spec new/yast2-auth-server-3.1.5/package/yast2-auth-server.spec --- old/yast2-auth-server-3.1.4/package/yast2-auth-server.spec 2014-02-14 13:30:14.000000000 +0100 +++ new/yast2-auth-server-3.1.5/package/yast2-auth-server.spec 2014-03-14 00:15:24.000000000 +0100 
@@ -17,7 +17,7 @@ Name: yast2-auth-server -Version: 3.1.4 +Version: 3.1.5 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-server-3.1.4/src/modules/AuthServer.pm new/yast2-auth-server-3.1.5/src/modules/AuthServer.pm --- old/yast2-auth-server-3.1.4/src/modules/AuthServer.pm 2014-02-14 13:30:14.000000000 +0100 +++ new/yast2-auth-server-3.1.5/src/modules/AuthServer.pm 2014-03-14 00:15:24.000000000 +0100 
@@ -67,6 +67,70 @@ my $ldapi_interfaces = ""; my $ldaps_interfaces = ""; my $ldap_interfaces = ""; + +my $suseObjects = [ + {"ou=group" => { + "objectClass" => [ "organizationalUnit", "top" ], + "ou" => "group" + }}, + {"ou=people" => { + "objectClass" => [ "organizationalUnit", "top" ], + "ou" => "people" + }}, + {"ou=ldapconfig" => { + "objectClass" => [ "organizationalUnit", "top" ], + "ou" => "ldapconfig" + }}, + {"cn=userconfiguration,ou=ldapconfig" => { + "objectClass" => [ + "top", + "suseModuleConfiguration", + "suseUserConfiguration" + ], + "suseSearchFilter" => ["objectClass=posixAccount"], + "susePasswordHash" => ["SSHA"], + "suseSkelDir" => ["/etc/skel"], + "suseMinUniqueId" => ["1000"], + "suseNextUniqueId" => ["1000"], + "suseMaxUniqueId" => ["60000"], + "suseMinPasswordLength" => ["5"], + "suseMaxPasswordLength" => ["8"] + }}, + {"cn=groupconfiguration,ou=ldapconfig" => { + "objectClass" => [ + "top", + "suseModuleConfiguration", + "suseGroupConfiguration" + ], + "suseSearchFilter" => ["objectClass=posixGroup"], + "suseMinUniqueId" => ["1000"], + "suseNextUniqueId" => ["1000"], + "suseMaxUniqueId" => ["60000"] + }}, + {"cn=usertemplate,ou=ldapconfig" => { + "objectClass" => [ + "top", + "suseObjectTemplate", + "suseUserTemplate" + ], + "suseNamingAttribute" => ["uid"], + "suseDefaultValue" => [ + "homeDirectory=/home/%uid", + "loginShell=/bin/bash" + ], + "susePlugin" => ["UsersPluginLDAPAll"] + }}, + {"cn=grouptemplate,ou=ldapconfig" => { + "objectClass" => [ + "top", + "suseObjectTemplate", + "suseGroupTemplate" + ], + "suseNamingAttribute" => ["cn"], + "susePlugin" => ["UsersPluginLDAPAll"] + }} +]; + my $defaultDbAcls = [ { 'target' => { 
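Review bot: The seeded `cn=userconfiguration,ou=ldapconfig` entry sets `suseMinPasswordLength` to 5 and `suseMaxPasswordLength` to 8 next to `susePasswordHash` = `SSHA`, so every new database starts with a password policy capped at eight characters. An eight-character ceiling is a limit of traditional DES crypt and is not needed for a salted SHA hash. How the users module enforces these attributes is not visible in this diff, so the defaults should either be raised to match the product's password policy or carry a comment such as `# TODO: max length 8 is a crypt(3)/DES-era limit; SSHA does not need it`. The hunk also adds `$suseObjects` without any comment; a one-line header noting that the DNs are relative to the database suffix and are created by `CreateSUSEObjects` would help the next reader.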
@@ -722,19 +786,7 @@ { my $self = shift; - if ( $self->ReadProtocolListenerEnabled("ldaps") ) - { - $self->WriteKerberosLdapDBvalue("ldap_servers", "ldaps://"); - } - elsif ( $self->ReadProtocolListenerEnabled("ldapi") ) - { - $self->WriteKerberosLdapDBvalue("ldap_servers", "ldapi://"); - } - elsif ( $self->ReadProtocolListenerEnabled("ldap") ) - { - $self->WriteKerberosLdapDBvalue("ldap_servers", "ldap://"); - } - + $self->WriteKerberosLdapDBvalue("ldap_servers", "ldapi://"); $self->WriteKerberosLdapDBvalue("ldap_kerberos_container_dn", "cn=krbContainer,".$dbDefaults{'suffix'}); $self->WriteKerberosLdapDBvalue("ldap_kdc_dn", $dbDefaults{'rootdn'}); $self->WriteKerberosLdapDBvalue("ldap_kadmind_dn", $dbDefaults{'rootdn'}); @@ -1170,6 +1222,42 @@ return 1; } +sub CreateSUSEObjects() +{ + my $self = shift; + my $ldapERR; + my $useKerberos = $self->ReadKerberosEnabled(); + + foreach my $db (@added_databases ) + { + y2milestone("creating SUSE objects for ". $db ); + + my $db_auth = $self->ReadAuthInfo( $db ); + if (! SCR->Execute(".ldap.bind", {"bind_dn" => $db_auth->{'bind_dn'}, + "bind_pw" => $db_auth->{'bind_pw'}}) ) { + $ldapERR = SCR->Read(".ldap.error"); + y2error( "LDAP bind failed" ); + y2error( $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); + return 0; + } + + foreach my $object (@{$suseObjects}) + { + my ($key, $value) = each(%$object); + if ($key =~ /cn=usertemplate/ && $useKerberos) + { + push (@{$value->{'susePlugin'}}, 'UsersPluginKerberos'); + } + if (! SCR->Write(".ldap.add", { dn => "$key,$db" } , $value)) { + $ldapERR = SCR->Read(".ldap.error"); + y2error("Can not add $key entry."); + y2error( $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); + } + } + } + return; +} + sub CreateBaseObjects() { my $self = shift; @@ -1641,6 +1729,7 @@ SCR->Write(".ldap_conf", "force" ); } $self->CreateBaseObjects(); + $self->CreateSUSEObjects(); if ( $setupSyncreplMaster ) { $self->CreateSyncReplAccount(); 
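Review bot: In the `@@ -722` hunk `ldap_servers` is now always `ldapi://`, whereas the removed code chose that value only when `ReadProtocolListenerEnabled("ldapi")` was true. With the ldapi listener switched off, the KDC and kadmind would be pointed at a socket slapd is not serving. Keeping the Kerberos backend on the local socket is the safer choice, since `ldap_kdc_dn` and `ldap_kadmind_dn` are set to the rootdn a few lines below, so I would keep the new value and add a guard rather than restore the fallback: `y2error("ldapi listener is disabled; the Kerberos LDAP backend needs it") unless $self->ReadProtocolListenerEnabled("ldapi");`. The enclosing sub starts and ends outside the hunk, so whether the listener is forced on elsewhere cannot be seen from here.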
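Review bot: In `CreateSUSEObjects` (the `@@ -1170` hunk), `my ($key, $value) = each(%$object);` runs on the file-level `$suseObjects` hashes, and `each` on a one-key hash returns an empty list on its second call. When `@added_databases` holds a second entry, or the sub runs again in the same process, `$key` and `$value` are therefore undef and the add is attempted with the DN `",$db"`. The `push` onto `$value->{'susePlugin'}` also modifies the shared template, so `UsersPluginKerberos` accumulates across databases and a later add can carry a duplicate attribute value. The sub returns `0` on bind failure and a bare `return;` otherwise, add failures are only logged, and the new call sites in the `@@ -1641` and `@@ -1834` hunks ignore the result, so a database can be left without these entries while the caller reports success. The fence reads the key with `keys`, copies the attributes per entry, and returns a real status that the callers should check.

```perl
    my $useKerberos = $self->ReadKerberosEnabled();
    my $ok = 1;

    # … unchanged: loop over @added_databases and bind with ReadAuthInfo credentials …

        foreach my $object (@{$suseObjects})
        {
            # keys() resets the hash iterator; each() returns an empty list
            # on the next pass over the same one-key hash.
            my ($key) = keys %$object;
            # Copy the attributes so the shared template is never modified.
            my %entry = %{ $object->{$key} };
            if ($key =~ /cn=usertemplate/ && $useKerberos)
            {
                $entry{'susePlugin'} = [ @{ $entry{'susePlugin'} }, 'UsersPluginKerberos' ];
            }
            if (! SCR->Write(".ldap.add", { dn => "$key,$db" }, \%entry)) {
                # … unchanged: read .ldap.error and log code and message …
                $ok = 0;
            }
        }
    }
    return $ok;
```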
@@ -1834,6 +1923,7 @@ Progress->Finish(); return 0; } + $self->CreateSUSEObjects(); Progress->NextStage(); if ( ! $self->CreatePpolicyObjects() ) { @@ -2817,11 +2907,12 @@ # add default ACLs $rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls ); - $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls ); if ( $self->ReadKerberosEnabled() ) { - $rc = SCR->Write(".ldapserver.database.{1}.acl", $krb5acl ); - } + $rc = SCR->Write(".ldapserver.database.{1}.acl", [ @$krb5acl, @$defaultDbAcls] ); + } else { + $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls ); + } push @added_databases, $dbDefaults{'suffix'}; $self->WriteAuthInfo( $dbDefaults{'suffix'}, { bind_dn => $dbDefaults{'rootdn'}, continue with "q"... Checked in at Fri Mar 14 11:49:49 CET 2014 by ro Remember to have fun... -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
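Review bot: In the `@@ -2817` hunk the Kerberos branch now writes `[ @$krb5acl, @$defaultDbAcls ]` in a single call, and nothing in the code says why the Kerberos rules come first. slapd stops at the first ACL whose target matches, so the order of the two lists is what keeps the broader default rules from applying to the Kerberos entries. The contents of `$krb5acl` are outside this diff, so that reading should be confirmed and recorded above the write, for example `# krb5acl must precede defaultDbAcls: slapd applies the first matching ACL`. Separately, `$rc` from the `database.{-1}` write is overwritten by the `database.{1}` write before anything visible tests it, so a failure to install the global ACLs is lost; checking `$rc` after each `SCR->Write` would stop a database being set up without them. The enclosing sub starts and ends outside the hunk.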