Re: [Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.

Mon, 21 Feb 2011 14:45:52 -0800 

On 2/15/11 6:19 AM, "Pavel Zuna" <[email protected]> wrote:

>On 02/14/2011 04:56 PM, JR Aquino wrote:
>> On 2/10/11 2:42 AM, "Pavel Zuna"<[email protected]>  wrote:
>>
>>> On 02/08/2011 01:06 PM, Pavel Zuna wrote:
>>>> The patch also corrects exception handling in some of the tools.
>>>>
>>>> Fix #874
>>>>
>>>> Pavel
>>>>
>>>
>>> Updated patch attached. Forgot to rename an identifier in exception
>>> handling.
>>>
>>> Pavel
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>> NACK
>>
>> It looks like LDAPUpdate calls may want to include ldapi=True?
>>
>> -=-
>> # ipa-nis-manage enable
>> Directory Manager password:
>>
>> Enabling plugin
>> Traceback (most recent call last):
>>    File "/usr/sbin/ipa-nis-manage", line 211, in<module>
>>      sys.exit(main())
>>    File "/usr/sbin/ipa-nis-manage", line 151, in main
>>      ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
>>    File 
>>"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
>> line 101, in __init__
>>      conn.do_simple_bind(bindpw=self.dm_password)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>350,
>> in do_simple_bind
>>      self.simple_bind_s(binddn, bindpw)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>204,
>> in inner
>>      return f(*args, **kargs)
>>    File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
>>207,
>> in simple_bind_s
>>      return self.result(msgid,all=1,timeout=self.timeout)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>181,
>> in inner
>>      objtype, data = f(*args, **kargs)
>>    File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
>>436,
>> in result
>>      res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>204,
>> in inner
>>      return f(*args, **kargs)
>>    File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
>>440,
>> in result2
>>      res_type, res_data, res_msgid, srv_ctrls =
>> self.result3(msgid,all,timeout)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>204,
>> in inner
>>      return f(*args, **kargs)
>>    File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
>>446,
>> in result3
>>      ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
>>    File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line
>>204,
>> in inner
>>      return f(*args, **kargs)
>>    File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
>>96,
>> in _ldap_call
>>      result = func(*args,**kwargs)
>> ldap.UNWILLING_TO_PERFORM: {'info': 'Minimum SSF not met.', 'desc':
>> 'Server is unwilling to perform'}
>>
>
>I can't reproduce this. :-/
>
>For me it goes fine:
>
>[root@ipadev tools]# ./ipa-nis-manage enable
>Directory Manager password:
>
>Enabling plugin
>This setting will not take effect until you restart Directory Server.
>The rpcbind service may need to be started.
>
>
>Pavel

To reproduce this, you must have minssf set in the dse.ldif on the ipa
server.

The highest number you can put in is: 56 due to some oddities with how
SASL communicates bit strength.

>


_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to