URL: https://github.com/freeipa/freeipa/pull/1939 Author: rcritten Title: #1939: [Backport][ipa-4-6] Radius proxy multiservers fix Action: opened
PR body: """ This PR was opened automatically because PR #1922 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1939/head:pr1939 git checkout pr1939
From 9ea7a774be2a78e55e5158cec661aec7a1c23c7c Mon Sep 17 00:00:00 2001 From: Aleksei Slaikovskii <aslai...@redhat.com> Date: Mon, 14 May 2018 08:55:56 +0200 Subject: [PATCH] Radius proxy multiservers fix Now radius proxy plugin allows to add more then one radius server into radius proxy but the first one from ldap response is being parsed (you can see ./daemons/ipa-optd/parse.c). So this kind of behaviour is a bug, as it was determined on IRC. This patch removes possibility to add more then one radius server into radius proxy. Pagure: https://pagure.io/freeipa/issue/7542 --- API.txt | 6 +++--- install/ui/src/freeipa/radiusproxy.js | 12 +++--------- ipaserver/plugins/radiusproxy.py | 2 +- 3 files changed, 7 insertions(+), 13 deletions(-) diff --git a/API.txt b/API.txt index 05dec4475c..96c1548331 100644 --- a/API.txt +++ b/API.txt @@ -3958,7 +3958,7 @@ option: Flag('all', autofill=True, cli_name='all', default=False) option: Str('description?', cli_name='desc') option: Int('ipatokenradiusretries?', cli_name='retries') option: Password('ipatokenradiussecret', cli_name='secret', confirm=True) -option: Str('ipatokenradiusserver+', cli_name='server') +option: Str('ipatokenradiusserver', cli_name='server') option: Int('ipatokenradiustimeout?', cli_name='timeout') option: Str('ipatokenusermapattribute?', cli_name='userattr') option: Flag('raw', autofill=True, cli_name='raw', default=False) @@ -3983,7 +3983,7 @@ option: Str('cn?', autofill=False, cli_name='name') option: Str('description?', autofill=False, cli_name='desc') option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries') option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True) -option: Str('ipatokenradiusserver*', autofill=False, cli_name='server') +option: Str('ipatokenradiusserver?', autofill=False, cli_name='server') option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout') option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr') option: Flag('pkey_only?', autofill=True, default=False) @@ -4004,7 +4004,7 @@ option: Str('delattr*', cli_name='delattr') option: Str('description?', autofill=False, cli_name='desc') option: Int('ipatokenradiusretries?', autofill=False, cli_name='retries') option: Password('ipatokenradiussecret?', autofill=False, cli_name='secret', confirm=True) -option: Str('ipatokenradiusserver*', autofill=False, cli_name='server') +option: Str('ipatokenradiusserver?', autofill=False, cli_name='server') option: Int('ipatokenradiustimeout?', autofill=False, cli_name='timeout') option: Str('ipatokenusermapattribute?', autofill=False, cli_name='userattr') option: Flag('raw', autofill=True, cli_name='raw', default=False) diff --git a/install/ui/src/freeipa/radiusproxy.js b/install/ui/src/freeipa/radiusproxy.js index 056d9504c1..d4283f72cd 100644 --- a/install/ui/src/freeipa/radiusproxy.js +++ b/install/ui/src/freeipa/radiusproxy.js @@ -66,10 +66,7 @@ return { $type: 'textarea', name: 'description' }, - { - $type: 'multivalued', - name: 'ipatokenradiusserver' // TODO: add validation - }, + 'ipatokenradiusserver', // TODO: add validation 'ipatokenusermapattribute', // TODO: add validation 'ipatokenradiustimeout', 'ipatokenradiusretries' @@ -90,10 +87,7 @@ return { adder_dialog: { fields: [ 'cn', - { - $type: 'multivalued', - name: 'ipatokenradiusserver' - }, + 'ipatokenradiusserver', { $type: 'password', name: 'ipatokenradiussecret' @@ -130,4 +124,4 @@ radiusproxy.register = function() { phases.on('registration', radiusproxy.register); return radiusproxy; -}); \ No newline at end of file +}); diff --git a/ipaserver/plugins/radiusproxy.py b/ipaserver/plugins/radiusproxy.py index be77c62432..f638431f69 100644 --- a/ipaserver/plugins/radiusproxy.py +++ b/ipaserver/plugins/radiusproxy.py @@ -116,7 +116,7 @@ class radiusproxy(LDAPObject): label=_('Description'), doc=_('A description of this RADIUS proxy server'), ), - Str('ipatokenradiusserver+', validate_radiusserver, + Str('ipatokenradiusserver', validate_radiusserver, cli_name='server', label=_('Server'), doc=_('The hostname or IP (with or without port)'),
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/LTZ7K5AHOQRQ7TDSTSST3KFONRP7AXAK/