URL: https://github.com/freeipa/freeipa/pull/5927 Author: tiran Title: #5927: Fix ldapupdate.get_sub_dict() for missing named user Action: opened
PR body: """ The named user may not be present when ipa-server-dns and bind are not installed. NAMED_UID and NAMED_GID constants are only used with local DNS support. Fixes: https://pagure.io/freeipa/issue/8936 Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5927/head:pr5927 git checkout pr5927
From 174975c56ccdcaa9fe11766aefae6f91e5ed3ed4 Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Tue, 27 Jul 2021 11:54:20 +0200 Subject: [PATCH] Fix ldapupdate.get_sub_dict() for missing named user The named user may not be present when ipa-server-dns and bind are not installed. NAMED_UID and NAMED_GID constants are only used with local DNS support. Fixes: https://pagure.io/freeipa/issue/8936 Signed-off-by: Christian Heimes <chei...@redhat.com> --- ipaserver/install/ldapupdate.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py index 822862d0b7b..9127271f2f9 100644 --- a/ipaserver/install/ldapupdate.py +++ b/ipaserver/install/ldapupdate.py @@ -64,7 +64,7 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None): idrange_size = idmax - idstart + 1 subid_base_rid = constants.SUBID_RANGE_START - idrange_size - return dict( + result = dict( REALM=realm, DOMAIN=domain, SUFFIX=suffix, @@ -99,11 +99,23 @@ def get_sub_dict(realm, domain, suffix, fqdn, idstart=None, idmax=None): DEFAULT_ADMIN_SHELL=platformconstants.DEFAULT_ADMIN_SHELL, SELINUX_USERMAP_DEFAULT=platformconstants.SELINUX_USERMAP_DEFAULT, SELINUX_USERMAP_ORDER=platformconstants.SELINUX_USERMAP_ORDER, - # uid / gid for autobind - NAMED_UID=platformconstants.NAMED_USER.uid, - NAMED_GID=platformconstants.NAMED_GROUP.gid, ) + # uid / gid for autobind + # user is only defined when ipa-server-dns and bind are installed + try: + named_uid = platformconstants.NAMED_USER.uid + named_gid = platformconstants.NAMED_GROUP.gid + except ValueError: + pass + else: + result.update( + NAMED_UID=named_uid, + NAMED_GID=named_gid, + ) + + return result + def connect(ldapi=False, realm=None, fqdn=None): """Create a connection for updates"""
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
