Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote:
On 12/02/2011 04:16 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/29/2011 10:33 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install.
Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of
nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf()
functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when
installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of
'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different
functions, the
function
returns tuple containing return code and dictionary structure - its
key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is
list of
existing files.
They are not checking existence of above mentioned files anymore.
The patch looks good, just a couple of issues.
1. In the nslcd configurator you add ''.join(files). Did you mean
','.join(files)?
2. The commit message lines wrap making it difficult to read. Can you
limit the lines to ~70 chars per line?
3. I think the message printed when neither package is available can
be simplified to:
One of these packages must be installed: nss_ldap or nss-pam-ldapd
It needs a rebase too.
rob
corrected, corrected, changed, rebased
In order to check presence of nss_ldap or nss-pam-ldapd when
installing client with '--no-sssd' option there was added
code intoipa-client-install. Checking is based on existence
of one of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could
cooperate with pam_ldap module and hence the presence of it
is checked by looking for 'pam_ldap.conf' file. Existence
of nss-pam-ldapd is checked against existence of
'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by
two different functions, the function returns tuple
containing return code and dictionary structure - its
key is name of target function and value is list of
existing configuration files. Files to check are specified
inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They
accept one more parameter which is list of existing files.
They are not checking existence of above mentioned
files anymore.
https://fedorahosted.org/freeipa/ticket/2063
Can you add a block header to nssldap_exists()? I think in particular
you need explain that it returns 1 and 0 because that value can
eventually be the return value of the installer itself (normally an
exists would return True/False).
I've changed it to return True/False and added comment
Seeing a traceback:
# ipa-client-install --no-sssd
[ snip ]
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
LDAP enabled
Kerberos 5 enabled
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1294, in
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1281, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1211, in install
(retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, dnsok, options)
TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given)
rob
corrected
ack, pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 12/02/2011 04:16 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/29/2011 10:33 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install.
Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of
nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf()
functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when
installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of
'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different
functions, the
function
returns tuple containing return code and dictionary structure - its
key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is
list of
existing files.
They are not checking existence of above mentioned files anymore.
The patch looks good, just a couple of issues.
1. In the nslcd configurator you add ''.join(files). Did you mean
','.join(files)?
2. The commit message lines wrap making it difficult to read. Can you
limit the lines to ~70 chars per line?
3. I think the message printed when neither package is available can
be simplified to:
One of these packages must be installed: nss_ldap or nss-pam-ldapd
It needs a rebase too.
rob
corrected, corrected, changed, rebased
In order to check presence of nss_ldap or nss-pam-ldapd when
installing client with '--no-sssd' option there was added
code intoipa-client-install. Checking is based on existence
of one of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could
cooperate with pam_ldap module and hence the presence of it
is checked by looking for 'pam_ldap.conf' file. Existence
of nss-pam-ldapd is checked against existence of
'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by
two different functions, the function returns tuple
containing return code and dictionary structure - its
key is name of target function and value is list of
existing configuration files. Files to check are specified
inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They
accept one more parameter which is list of existing files.
They are not checking existence of above mentioned
files anymore.
https://fedorahosted.org/freeipa/ticket/2063
Can you add a block header to nssldap_exists()? I think in particular
you need explain that it returns 1 and 0 because that value can
eventually be the return value of the installer itself (normally an
exists would return True/False).
I've changed it to return True/False and added comment
Seeing a traceback:
# ipa-client-install --no-sssd
[ snip ]
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
LDAP enabled
Kerberos 5 enabled
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1294, in
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1281, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1211, in install
(retcode, conf, filename) = configurer(fstore, cli_basedn,
cli_realm, cli_domain, cli_server, dnsok, options)
TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given)
rob
corrected
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
From 988f22f934aa67ee1c5065103f3ea4cefe9fd5d8 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada
Date: Mon, 5 Dec 2011 10:19:10 +0100
Subject: [PATCH] Client install checks for nss_ldap
In order to check presence of nss_
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote:
On 11/29/2011 10:33 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf()
functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the
function
returns tuple containing return code and dictionary structure - its key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of
existing files.
They are not checking existence of above mentioned files anymore.
The patch looks good, just a couple of issues.
1. In the nslcd configurator you add ''.join(files). Did you mean
','.join(files)?
2. The commit message lines wrap making it difficult to read. Can you
limit the lines to ~70 chars per line?
3. I think the message printed when neither package is available can
be simplified to:
One of these packages must be installed: nss_ldap or nss-pam-ldapd
It needs a rebase too.
rob
corrected, corrected, changed, rebased
In order to check presence of nss_ldap or nss-pam-ldapd when
installing client with '--no-sssd' option there was added
code intoipa-client-install. Checking is based on existence
of one of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could
cooperate with pam_ldap module and hence the presence of it
is checked by looking for 'pam_ldap.conf' file. Existence
of nss-pam-ldapd is checked against existence of
'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by
two different functions, the function returns tuple
containing return code and dictionary structure - its
key is name of target function and value is list of
existing configuration files. Files to check are specified
inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They
accept one more parameter which is list of existing files.
They are not checking existence of above mentioned
files anymore.
https://fedorahosted.org/freeipa/ticket/2063
Can you add a block header to nssldap_exists()? I think in particular
you need explain that it returns 1 and 0 because that value can
eventually be the return value of the installer itself (normally an
exists would return True/False).
Seeing a traceback:
# ipa-client-install --no-sssd
[ snip ]
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
LDAP enabled
Kerberos 5 enabled
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1294, in
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1281, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1211, in install
(retcode, conf, filename) = configurer(fstore, cli_basedn,
cli_realm, cli_domain, cli_server, dnsok, options)
TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given)
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/29/2011 10:33 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf()
functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the
function
returns tuple containing return code and dictionary structure - its key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of
existing files.
They are not checking existence of above mentioned files anymore.
The patch looks good, just a couple of issues.
1. In the nslcd configurator you add ''.join(files). Did you mean
','.join(files)?
2. The commit message lines wrap making it difficult to read. Can you
limit the lines to ~70 chars per line?
3. I think the message printed when neither package is available can
be simplified to:
One of these packages must be installed: nss_ldap or nss-pam-ldapd
It needs a rebase too.
rob
corrected, corrected, changed, rebased
In order to check presence of nss_ldap or nss-pam-ldapd when
installing client with '--no-sssd' option there was added
code intoipa-client-install. Checking is based on existence
of one of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could
cooperate with pam_ldap module and hence the presence of it
is checked by looking for 'pam_ldap.conf' file. Existence
of nss-pam-ldapd is checked against existence of
'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by
two different functions, the function returns tuple
containing return code and dictionary structure - its
key is name of target function and value is list of
existing configuration files. Files to check are specified
inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They
accept one more parameter which is list of existing files.
They are not checking existence of above mentioned
files anymore.
https://fedorahosted.org/freeipa/ticket/2063
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
From e855cf4a544ba9b3fd69df3d5d5837dab005ee12 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada
Date: Thu, 1 Dec 2011 13:03:34 +0100
Subject: [PATCH] Client install checks for nss_ldap
In order to check presence of nss_ldap or nss-pam-ldapd when
installing client with '--no-sssd' option there was added
code intoipa-client-install. Checking is based on existence
of one of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could
cooperate with pam_ldap module and hence the presence of it
is checked by looking for 'pam_ldap.conf' file. Existence
of nss-pam-ldapd is checked against existence of
'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by
two different functions, the function returns tuple
containing return code and dictionary structure - its
key is name of target function and value is list of
existing configuration files. Files to check are specified
inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They
accept one more parameter which is list of existing files.
They are not checking existence of above mentioned
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote:
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf() functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the
function
returns tuple containing return code and dictionary structure - its key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of
existing files.
They are not checking existence of above mentioned files anymore.
The patch looks good, just a couple of issues.
1. In the nslcd configurator you add ''.join(files). Did you mean
','.join(files)?
2. The commit message lines wrap making it difficult to read. Can you
limit the lines to ~70 chars per line?
3. I think the message printed when neither package is available can be
simplified to:
One of these packages must be installed: nss_ldap or nss-pam-ldapd
It needs a rebase too.
rob
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 02:55 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered
as success otherwise failure.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I've rewritten it. Additionally it checks for existence of nss-pam-ldapd
and makes the results reusable by configure_{ldap|nslcd}_conf() functions.
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap
module and hence the presence of it is checked by looking for
'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf'
file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the
function
returns tuple containing return code and dictionary structure - its key
is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of
existing files.
They are not checking existence of above mentioned files anymore.
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
From 82483a006bd99ce4d021b7b93ab7e828cb788c7a Mon Sep 17 00:00:00 2001
From: Ondrej Hamada
Date: Mon, 14 Nov 2011 16:45:36 +0100
Subject: [PATCH] Client install checks for nss_ldap
In order to check presence of nss_ldap or nss-pam-ldapd when installing client
with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of nss_ldap configuration files. This
configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap
module and hence the presence of it is checked by looking for 'pam_ldap.conf' file.
Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file.
All this checking is done by function nssldap_exists().
Because both main modules are maintained by two different functions, the function
returns tuple containing return code and dictionary structure - its key is name
of target function and value is list of existing configuration files.
Files to check are specified inside the nssldap_exists() function.
In order to fit the returned values, the functions configure_{ldap|nslcd}_conf()
were slightly modified. They accept one more parameter which is list of existing files.
They are not checking existence of above mentioned files anymore.
https://fedorahosted.org/freeipa/ticket/2063
---
ipa-client/ipa-install/ipa-client-install | 60 -
1 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index cdea6dbe6fbbdca608ad8e858cf9fa042f7de9d1..65537da21890365e29370f9af76edf93317b5154 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -402,6 +402,26 @@ def uninstall(options, env, quiet=False):
return 0
+def nssldap_exists():
+files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']},
+ {'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}]
+files_found = {}
+retval = 1
+
+for function in files_to_check:
+files_found[function['function']]=[]
+for file_type in ['mandatory','optional']:
+try:
+for filename in function[file_type]:
+if file_exists(filename):
+files_found[function['function']].append(filename)
+if file_type == 'mandatory':
+retval = 0
+except KeyError:
+pass
+
+return (retval, files_found)
+
def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server):
ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer")
ipaconf.setOptionAssignment(" = ")
@@ -428,7 +448,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 11:35 AM, Ondrej Hamada wrote:
> On 11/11/2011 03:25 PM, Alexander Bokovoy wrote:
>> On Fri, 11 Nov 2011, Rob Crittenden wrote:
>>> Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This
configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is
considered as
success otherwise failure.
>>> I think we should check for nslcd.conf as well and report that
>>> neither nss-ldap nor nss-pam-ldapd are installed.
>> We have already code in configure_ldap_config() and
>> configure_nslcd_conf that checks all these different files and after
>> configuration reports what was configured.
>>
>> I would rather did a commonalization of detection instead of
>> duplicating the code. We can re-use result of detecting what exists
>> later in configure_{ldap,nslcd}_config().
>>
> I'll do it, but I have question:
> configure_ldap_config() also checks whether file 'pam_ldap.conf'
> exists. Is installed pam_ldap package without nss_ldap enough to allow
> ipa-client installation with --no-sssd option?
>
pam-ldap by itself is not enough. There should be something for nss. But
there are different combinations of packages depending upon RHEL version.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On Fri, 11 Nov 2011, Ondrej Hamada wrote:
> >>I think we should check for nslcd.conf as well and report that
> >>neither nss-ldap nor nss-pam-ldapd are installed.
> >We have already code in configure_ldap_config() and
> >configure_nslcd_conf that checks all these different files and after
> >configuration reports what was configured.
> >
> >I would rather did a commonalization of detection instead of
> >duplicating the code. We can re-use result of detecting what exists
> >later in configure_{ldap,nslcd}_config().
> >
> I'll do it, but I have question:
> configure_ldap_config() also checks whether file 'pam_ldap.conf'
> exists. Is installed pam_ldap package without nss_ldap enough to
> allow ipa-client installation with --no-sssd option?
If you have kerberos setup, then authentication could be done via
kerberos and NSS module would give you users and groups with nss_ldap.
So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5
+ nss_ldap is also possible to use, without pam_ldap.
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 03:25 PM, Alexander Bokovoy wrote:
On Fri, 11 Nov 2011, Rob Crittenden wrote:
Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2063
In order to check presence of nss_ldap when installing client with
'--no-sssd' option there was added code into ipa-client-install. Check
is base on existence of nss_ldap configuration files. This configuration
could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Presence of any of these files is considered as
success otherwise failure.
I think we should check for nslcd.conf as well and report that
neither nss-ldap nor nss-pam-ldapd are installed.
We have already code in configure_ldap_config() and
configure_nslcd_conf that checks all these different files and after
configuration reports what was configured.
I would rather did a commonalization of detection instead of
duplicating the code. We can re-use result of detecting what exists
later in configure_{ldap,nslcd}_config().
I'll do it, but I have question:
configure_ldap_config() also checks whether file 'pam_ldap.conf' exists.
Is installed pam_ldap package without nss_ldap enough to allow
ipa-client installation with --no-sssd option?
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On Fri, 11 Nov 2011, Rob Crittenden wrote:
> Ondrej Hamada wrote:
> >https://fedorahosted.org/freeipa/ticket/2063
> >
> >In order to check presence of nss_ldap when installing client with
> >'--no-sssd' option there was added code into ipa-client-install. Check
> >is base on existence of nss_ldap configuration files. This configuration
> >could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
> >'/etc/libnss_ldap.conf'. Presence of any of these files is considered as
> >success otherwise failure.
>
> I think we should check for nslcd.conf as well and report that
> neither nss-ldap nor nss-pam-ldapd are installed.
We have already code in configure_ldap_config() and
configure_nslcd_conf that checks all these different files and after
configuration reports what was configured.
I would rather did a commonalization of detection instead of
duplicating the code. We can re-use result of detecting what exists
later in configure_{ldap,nslcd}_config().
--
/ Alexander Bokovoy
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. I think we should check for nslcd.conf as well and report that neither nss-ldap nor nss-pam-ldapd are installed. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From 741e6da0531986ed32f4e3ef0fbb53e5fbd5ee44 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Fri, 11 Nov 2011 14:03:30 +0100 Subject: [PATCH] Client install checks for nss_ldap In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure and installation is aborted with proper error message. https://fedorahosted.org/freeipa/ticket/2063 --- ipa-client/ipa-install/ipa-client-install | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index cdea6dbe6fbbdca608ad8e858cf9fa042f7de9d1..362f167307189fab746478b2362dfe685241a4ee 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -870,6 +870,17 @@ def install(options, env, fstore, statestore): print 'Invalid hostname \'%s\', must be lower-case.' % hostname return CLIENT_INSTALL_ERROR +# When --no-sssd option set, there must be nss_ldap module installed. +if not options.sssd: +nss_ldap = False +for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf']: +if file_exists(filename): +nss_ldap = True +break +if not nss_ldap: +print >>sys.stderr, "'nss_ldap' not installed" +return CLIENT_INSTALL_ERROR + # Create the discovery instance ds = ipadiscovery.IPADiscovery() -- 1.7.6.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
