Thanks for your understanding.

I updated trunk with the shibboleth-related fixes (adding user.validated to the 
database scripts, fixing the global scope of $addUserFuncArgs). I also took the 
opportunity to update the updateShibUser function so that user.validated is set 
to 1 whenever a user officially logs in through the standard Shibboleth 
channels (which makes the 'user.validated' field work as intended).

Aaron C.

On May 31, 2012, at 12:32 PM, Aaron Peeler wrote:

> I can get the OS.pm module change.
> 
> I also found a small change needed in the xCAT modules... nothing
> critical but would be helpful.
> 
> Aaron P.
> 
> On Thu, May 31, 2012 at 12:21 PM, Andy Kurth <andy_ku...@ncsu.edu> wrote:
>> I agree.  I also found some issues with vSphere.pm connecting to
>> vCenter 5 yesterday.  I would like to fix this for RC2.
>> -Andy
>> 
>> On Thu, May 31, 2012 at 11:51 AM, Josh Thompson <josh_thomp...@ncsu.edu> 
>> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> 
>>> Aaron,
>>> 
>>> You're not being a stick in the mud.  I think it's great that you tested it
>>> well enough to find a few things that need to be corrected - that's the 
>>> whole
>>> point of having a community vote to do a release.  I definitely consider the
>>> Shibboleth issue big enough to cut a new RC (even though that requires a new
>>> vote).
>>> 
>>> All,
>>> 
>>> Aaron has some good points.  I think we should fix the issues he mentioned 
>>> and
>>> cut RC2 for 2.3.  This isn't an official vote process, but please share any
>>> thoughts you have.
>>> 
>>> Josh
>>> 
>>> On Wednesday, May 30, 2012 9:41:12 PM Aaron Coburn wrote:
>>>> -1
>>>> 
>>>> Sorry to a stick in the mud, guys, since I'd certainly like to see 2.3
>>>> released soon, but I encountered a few issues that I think should be fixed
>>>> before cutting the release.
>>>> 
>>>> I installed the release candidate using a fresh database, testing against a
>>>> vCenter provisioning engine and Shibboleth authentication. I was using a
>>>> 64-bit Windows 7 image.
>>>> 
>>>> The first issue I encountered was that each time the management node calls
>>>> 'get_file_contents', the contents of the target file are printed to the
>>>> log. This is generally not an issue, but when a slice of the registry is
>>>> retrieved, that amounted to ~30,000 lines in my logfile. And that happens
>>>> each time an image is reloaded. (Somehow I hadn't noticed this with the
>>>> code from about two weeks ago). I can certainly see the usefulness of this
>>>> during development, but I don't like the fact that this is the default
>>>> behavior for a release. For now, I would suggest modifying line 1789 of
>>>> OS.pm:
>>>> 
>>>> -    my ($exit_status, $output) = $self->execute($command);
>>>> +    my ($exit_status, $output) = $self->execute($command, 0); # do not
>>>> print the cmd output to the log
>>>> 
>>>> Later, it could be nice to make this somewhat more configurable.
>>>> 
>>>> 
>>>> Second, if the system is using Shibboleth it is not possible to handle 
>>>> users
>>>> who have not previously logged in (i.e. adding someone to a group). There
>>>> are two bugs preventing this from working properly. First, if someone
>>>> enables ALLOWADDSHIBUSERS in conf.php but doesn't define a value in
>>>> $addUserFuncArgs (I would anticipate this to be what most people using Shib
>>>> would do, since there is no documentation about what that array is for),
>>>> the initGlobals() function does not properly populate the addUserFuncArgs
>>>> array. This can be fixed by adding $addUserFuncArgs to the list of 'global'
>>>> values on line 68 in utils.php -- the current code is just modifying a
>>>> local value, not the global one:
>>>> 
>>>> -    global $affilValFunc, $addUserFunc, $updateUserFunc;
>>>> +    global $affilValFunc, $addUserFunc, $updateUserFunc, $addUserFuncArgs;
>>>> 
>>>> Once that change is made, though, there is also a SQL query expecting a
>>>> 'validated' field in the users table. This field, however, does not exist.
>>>> It is in neither update-vcl.sql nor in vcl.sql:
>>>> 
>>>> vcl.sql, line 1079:
>>>> 
>>>> +  `validated` tinyint(1) unsigned NOT NULL default '1',
>>>> 
>>>> and update-vcl.sql, lines 827-
>>>> 
>>>> + -- --------------------------------------------------------
>>>> +
>>>> + --
>>>> + -- Table structure for table `user`
>>>> + --
>>>> +
>>>> + CALL AddColumnIfNotExists('user', 'validated', "tinyint(1) unsigned NOT
>>>> NULL default '1'"); +
>>>> 
>>>> Once these two changes are made, however, I am able to add shib users
>>>> exactly as the documentation suggests.
>>>> 
>>>> Otherwise, everything else looks good.
>>>> 
>>>> 
>>>> Aaron
>>> - --
>>> - -------------------------------
>>> Josh Thompson
>>> VCL Developer
>>> North Carolina State University
>>> 
>>> my GPG/PGP key can be found at pgp.mit.edu
>>> 
>>> All electronic mail messages in connection with State business which
>>> are sent to or received by this account are subject to the NC Public
>>> Records Law and may be disclosed to third parties.
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2.0.17 (GNU/Linux)
>>> 
>>> iEYEARECAAYFAk/Hk28ACgkQV/LQcNdtPQMnNACfayx6uWW+d3oQcM0Dn7NVuquQ
>>> aU0AnRBy8AXa+AA5riiVJEOdamd1UHhK
>>> =w8Kn
>>> -----END PGP SIGNATURE-----
>>> 
> 
> 
> 
> -- 
> Aaron Peeler
> Program Manager
> Virtual Computing Lab
> NC State University
> 
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.

Reply via email to