Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote: On 12/02/2011 04:16 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. The patch looks good, just a couple of issues. 1. In the nslcd configurator you add ''.join(files). Did you mean ','.join(files)? 2. The commit message lines wrap making it difficult to read. Can you limit the lines to ~70 chars per line? 3. I think the message printed when neither package is available can be simplified to: One of these packages must be installed: nss_ldap or nss-pam-ldapd It needs a rebase too. rob corrected, corrected, changed, rebased In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code intoipa-client-install. Checking is based on existence of one of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. https://fedorahosted.org/freeipa/ticket/2063 Can you add a block header to nssldap_exists()? I think in particular you need explain that it returns 1 and 0 because that value can eventually be the return value of the installer itself (normally an exists would return True/False). I've changed it to return True/False and added comment Seeing a traceback: # ipa-client-install --no-sssd [ snip ] Enrolled in IPA realm EXAMPLE.COM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.COM LDAP enabled Kerberos 5 enabled Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1294, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1281, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1211, in install (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given) rob corrected ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 12/02/2011 04:16 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. The patch looks good, just a couple of issues. 1. In the nslcd configurator you add ''.join(files). Did you mean ','.join(files)? 2. The commit message lines wrap making it difficult to read. Can you limit the lines to ~70 chars per line? 3. I think the message printed when neither package is available can be simplified to: One of these packages must be installed: nss_ldap or nss-pam-ldapd It needs a rebase too. rob corrected, corrected, changed, rebased In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code intoipa-client-install. Checking is based on existence of one of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. https://fedorahosted.org/freeipa/ticket/2063 Can you add a block header to nssldap_exists()? I think in particular you need explain that it returns 1 and 0 because that value can eventually be the return value of the installer itself (normally an exists would return True/False). I've changed it to return True/False and added comment Seeing a traceback: # ipa-client-install --no-sssd [ snip ] Enrolled in IPA realm EXAMPLE.COM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.COM LDAP enabled Kerberos 5 enabled Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1294, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1281, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1211, in install (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given) rob corrected -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 988f22f934aa67ee1c5065103f3ea4cefe9fd5d8 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Mon, 5 Dec 2011 10:19:10 +0100 Subject: [PATCH] Client install checks for nss_ldap In order to check presence of nss_
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote: On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. The patch looks good, just a couple of issues. 1. In the nslcd configurator you add ''.join(files). Did you mean ','.join(files)? 2. The commit message lines wrap making it difficult to read. Can you limit the lines to ~70 chars per line? 3. I think the message printed when neither package is available can be simplified to: One of these packages must be installed: nss_ldap or nss-pam-ldapd It needs a rebase too. rob corrected, corrected, changed, rebased In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code intoipa-client-install. Checking is based on existence of one of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. https://fedorahosted.org/freeipa/ticket/2063 Can you add a block header to nssldap_exists()? I think in particular you need explain that it returns 1 and 0 because that value can eventually be the return value of the installer itself (normally an exists would return True/False). Seeing a traceback: # ipa-client-install --no-sssd [ snip ] Enrolled in IPA realm EXAMPLE.COM Created /etc/ipa/default.conf Configured /etc/krb5.conf for IPA realm EXAMPLE.COM LDAP enabled Kerberos 5 enabled Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 1294, in sys.exit(main()) File "/usr/sbin/ipa-client-install", line 1281, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 1211, in install (retcode, conf, filename) = configurer(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) TypeError: configure_ldap_conf() takes exactly 8 arguments (7 given) rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/29/2011 10:33 PM, Rob Crittenden wrote: Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. The patch looks good, just a couple of issues. 1. In the nslcd configurator you add ''.join(files). Did you mean ','.join(files)? 2. The commit message lines wrap making it difficult to read. Can you limit the lines to ~70 chars per line? 3. I think the message printed when neither package is available can be simplified to: One of these packages must be installed: nss_ldap or nss-pam-ldapd It needs a rebase too. rob corrected, corrected, changed, rebased In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code intoipa-client-install. Checking is based on existence of one of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. https://fedorahosted.org/freeipa/ticket/2063 -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From e855cf4a544ba9b3fd69df3d5d5837dab005ee12 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Thu, 1 Dec 2011 13:03:34 +0100 Subject: [PATCH] Client install checks for nss_ldap In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code intoipa-client-install. Checking is based on existence of one of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote: On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. The patch looks good, just a couple of issues. 1. In the nslcd configurator you add ''.join(files). Did you mean ','.join(files)? 2. The commit message lines wrap making it difficult to read. Can you limit the lines to ~70 chars per line? 3. I think the message printed when neither package is available can be simplified to: One of these packages must be installed: nss_ldap or nss-pam-ldapd It needs a rebase too. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 02:55 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel I've rewritten it. Additionally it checks for existence of nss-pam-ldapd and makes the results reusable by configure_{ldap|nslcd}_conf() functions. https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 82483a006bd99ce4d021b7b93ab7e828cb788c7a Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Mon, 14 Nov 2011 16:45:36 +0100 Subject: [PATCH] Client install checks for nss_ldap In order to check presence of nss_ldap or nss-pam-ldapd when installing client with '--no-sssd' option there was added code into ipa-client-install. Checking is based on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with pam_ldap module and hence the presence of it is checked by looking for 'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against existence of 'nslcd.conf' file. All this checking is done by function nssldap_exists(). Because both main modules are maintained by two different functions, the function returns tuple containing return code and dictionary structure - its key is name of target function and value is list of existing configuration files. Files to check are specified inside the nssldap_exists() function. In order to fit the returned values, the functions configure_{ldap|nslcd}_conf() were slightly modified. They accept one more parameter which is list of existing files. They are not checking existence of above mentioned files anymore. https://fedorahosted.org/freeipa/ticket/2063 --- ipa-client/ipa-install/ipa-client-install | 60 - 1 files changed, 42 insertions(+), 18 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index cdea6dbe6fbbdca608ad8e858cf9fa042f7de9d1..65537da21890365e29370f9af76edf93317b5154 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -402,6 +402,26 @@ def uninstall(options, env, quiet=False): return 0 +def nssldap_exists(): +files_to_check = [{'function':'configure_ldap_conf', 'mandatory':['/etc/ldap.conf','/etc/nss_ldap.conf','/etc/libnss-ldap.conf'], 'optional':['/etc/pam_ldap.conf']}, + {'function':'configure_nslcd_conf', 'mandatory':['/etc/nslcd.conf']}] +files_found = {} +retval = 1 + +for function in files_to_check: +files_found[function['function']]=[] +for file_type in ['mandatory','optional']: +try: +for filename in function[file_type]: +if file_exists(filename): +files_found[function['function']].append(filename) +if file_type == 'mandatory': +retval = 0 +except KeyError: +pass + +return (retval, files_found) + def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server): ipaconf = ipaclient.ipachangeconf.IPAChangeConf("IPA Installer") ipaconf.setOptionAssignment(" = ") @@ -428,7 +448,7 @@ def configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 11:35 AM, Ondrej Hamada wrote: > On 11/11/2011 03:25 PM, Alexander Bokovoy wrote: >> On Fri, 11 Nov 2011, Rob Crittenden wrote: >>> Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. >>> I think we should check for nslcd.conf as well and report that >>> neither nss-ldap nor nss-pam-ldapd are installed. >> We have already code in configure_ldap_config() and >> configure_nslcd_conf that checks all these different files and after >> configuration reports what was configured. >> >> I would rather did a commonalization of detection instead of >> duplicating the code. We can re-use result of detecting what exists >> later in configure_{ldap,nslcd}_config(). >> > I'll do it, but I have question: > configure_ldap_config() also checks whether file 'pam_ldap.conf' > exists. Is installed pam_ldap package without nss_ldap enough to allow > ipa-client installation with --no-sssd option? > pam-ldap by itself is not enough. There should be something for nss. But there are different combinations of packages depending upon RHEL version. -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On Fri, 11 Nov 2011, Ondrej Hamada wrote: > >>I think we should check for nslcd.conf as well and report that > >>neither nss-ldap nor nss-pam-ldapd are installed. > >We have already code in configure_ldap_config() and > >configure_nslcd_conf that checks all these different files and after > >configuration reports what was configured. > > > >I would rather did a commonalization of detection instead of > >duplicating the code. We can re-use result of detecting what exists > >later in configure_{ldap,nslcd}_config(). > > > I'll do it, but I have question: > configure_ldap_config() also checks whether file 'pam_ldap.conf' > exists. Is installed pam_ldap package without nss_ldap enough to > allow ipa-client installation with --no-sssd option? If you have kerberos setup, then authentication could be done via kerberos and NSS module would give you users and groups with nss_ldap. So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5 + nss_ldap is also possible to use, without pam_ldap. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On 11/11/2011 03:25 PM, Alexander Bokovoy wrote: On Fri, 11 Nov 2011, Rob Crittenden wrote: Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. I think we should check for nslcd.conf as well and report that neither nss-ldap nor nss-pam-ldapd are installed. We have already code in configure_ldap_config() and configure_nslcd_conf that checks all these different files and after configuration reports what was configured. I would rather did a commonalization of detection instead of duplicating the code. We can re-use result of detecting what exists later in configure_{ldap,nslcd}_config(). I'll do it, but I have question: configure_ldap_config() also checks whether file 'pam_ldap.conf' exists. Is installed pam_ldap package without nss_ldap enough to allow ipa-client installation with --no-sssd option? -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
On Fri, 11 Nov 2011, Rob Crittenden wrote: > Ondrej Hamada wrote: > >https://fedorahosted.org/freeipa/ticket/2063 > > > >In order to check presence of nss_ldap when installing client with > >'--no-sssd' option there was added code into ipa-client-install. Check > >is base on existence of nss_ldap configuration files. This configuration > >could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or > >'/etc/libnss_ldap.conf'. Presence of any of these files is considered as > >success otherwise failure. > > I think we should check for nslcd.conf as well and report that > neither nss-ldap nor nss-pam-ldapd are installed. We have already code in configure_ldap_config() and configure_nslcd_conf that checks all these different files and after configuration reports what was configured. I would rather did a commonalization of detection instead of duplicating the code. We can re-use result of detecting what exists later in configure_{ldap,nslcd}_config(). -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. I think we should check for nslcd.conf as well and report that neither nss-ldap nor nss-pam-ldapd are installed. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
https://fedorahosted.org/freeipa/ticket/2063 In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure. -- Regards, Ondrej Hamada FreeIPA team jabber:oh...@jabbim.cz IRC: ohamada From 741e6da0531986ed32f4e3ef0fbb53e5fbd5ee44 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Fri, 11 Nov 2011 14:03:30 +0100 Subject: [PATCH] Client install checks for nss_ldap In order to check presence of nss_ldap when installing client with '--no-sssd' option there was added code into ipa-client-install. Check is base on existence of nss_ldap configuration files. This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or '/etc/libnss_ldap.conf'. Presence of any of these files is considered as success otherwise failure and installation is aborted with proper error message. https://fedorahosted.org/freeipa/ticket/2063 --- ipa-client/ipa-install/ipa-client-install | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index cdea6dbe6fbbdca608ad8e858cf9fa042f7de9d1..362f167307189fab746478b2362dfe685241a4ee 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -870,6 +870,17 @@ def install(options, env, fstore, statestore): print 'Invalid hostname \'%s\', must be lower-case.' % hostname return CLIENT_INSTALL_ERROR +# When --no-sssd option set, there must be nss_ldap module installed. +if not options.sssd: +nss_ldap = False +for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf', '/etc/libnss-ldap.conf']: +if file_exists(filename): +nss_ldap = True +break +if not nss_ldap: +print >>sys.stderr, "'nss_ldap' not installed" +return CLIENT_INSTALL_ERROR + # Create the discovery instance ds = ipadiscovery.IPADiscovery() -- 1.7.6.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel