On 07/07/2012 08:45 PM, John Dennis wrote:
The DN work I was doing on master is ready for review and testing. It's
been a long haul and I've been working relentlessly to get this work
completed. I am on PTO for a week starting today (I know bad timing) but
I spent yesterday and my first day of PTO today writing up extensive
documentation for the work so others can start taking a look at it while
I'm gone. The documentation as well as where to find the code can be
found here:

http://jdennis.fedorapeople.org/dn_summary.html

The document is long but I felt it was better to provide explanations
for as much as possible.

I may check in during the week but I'm going to try and discipline
myself not to and take an actual much needed break.

John


Two more code review points:
ipa-adtrust-install uses DN without importing it, that'll fail

You've changed API.txt, be sure to also bump IPA_API_VERSION_MINOR in VERSION.


And now for the functional testing.

I ran through the unit tests, and tested the command-line utilities.
I did not test replica stuff (replica-prepare doesn't work, see below) and AD integration (I'd like to ask someone else to do the tests here).

I rebased the patch to master, so some of the problems I found may be new regressions.

I'm attaching an additional patch I've tested with, which solves some errors I've encountered:


• The lint error mentioned earlier

• ipa-client-install passing a DN object to ipautil.run
$ sudo ipa-client-install
Discovery was successful!
Hostname: vm-149.idm.lab.bos.redhat.com
Realm: IDM.LAB.BOS.REDHAT.COM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-044.idm.lab.bos.redhat.com
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for ad...@idm.lab.bos.redhat.com:
Traceback (most recent call last):
  File "/sbin/ipa-client-install", line 1763, in <module>
    sys.exit(main())
  File "/sbin/ipa-client-install", line 1749, in main
    rval = install(options, env, fstore, statestore)
  File "/sbin/ipa-client-install", line 1473, in install
    (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env, nolog=nolog)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 285, in run
    close_fds=True, env=env)
  File "/usr/lib64/python2.7/subprocess.py", line 679, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1249, in _execute_child
    raise child_exception
TypeError: coercing to Unicode: need string or buffer, DN found



I also ran into:

• ipa-replica-setup uses an LDAPEntry method that got removed when LDAPEntry became a namedtuple
$ sudo ipa-replica-prepare vm-$REPLICANUM.idm.lab.bos.redhat.com -p 12345678 --ip-address 10.16.78.28
Preparing replica for vm-028.idm.lab.bos.redhat.com from vm-044.idm.lab.bos.redhat.com
preparation of replica failed: 'LDAPEntry' object has no attribute 'getValue'
'LDAPEntry' object has no attribute 'getValue'
  File "/sbin/ipa-replica-prepare", line 461, in <module>
    main()

  File "/sbin/ipa-replica-prepare", line 309, in main
    dirman_password)

  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 89, in enable_replication_version_checking
    if entry[0].getValue('nsslapd-pluginenabled') == 'off':


• dnsrecord_{del,mod} AAAA unit tests fail, e.g.
ipa: ERROR: non-public: AssertionError:
Traceback (most recent call last):
  File "/home/pviktori/freeipa/ipaserver/rpcserver.py", line 332, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/home/pviktori/freeipa/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/home/pviktori/freeipa/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)
  File "/home/pviktori/freeipa/ipalib/plugins/dns.py", line 2601, in execute
    result = super(dnsrecord_del, self).execute(*keys, **options)
  File "/home/pviktori/freeipa/ipalib/plugins/baseldap.py", line 1350, in execute
    assert isinstance(dn, DN)
AssertionError
ipa: INFO: ad...@idm.lab.bos.redhat.com: dnsrecord_del(u'dnszone.test', u'testdnsres', arecord=(u'127.0.0.1',), del_all=False, struct


• ipa-compliance still uses strings for DNs (see lines 119, 139). It fails with an AssertionError (which may not be apparent at first because the tool isn't very good at error reporting).
Traceback (most recent call last):
  File "/sbin/ipa-compliance", line 179, in main
    check_compliance(tmpdir, options.debug)
  File "/sbin/ipa-compliance", line 121, in check_compliance
    size_limit = -1)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 1050, in find_entries
    assert isinstance(base_dn, DN)
AssertionError


• ipa-ldap-updater fails when running plugins. The offending code around updateclient.py:134 is wrong.
$ sudo ipa-ldap-updater
Directory Manager password:

ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     PRE_UPDATE
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Parsing update file /usr/share/ipa/updates/10-60basev2.update
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Parsing update file /usr/share/ipa/updates/10-60basev3.update
[...]
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     POST_UPDATE
Traceback (most recent call last):
  File "/sbin/ipa-ldap-updater", line 163, in <module>
    sys.exit(main())
  File "/sbin/ipa-ldap-updater", line 144, in main
    modified = ld.update(files)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 879, in update
    updates = api.Backend.updateclient.update(POST_UPDATE, self.dm_password, self.ldapi, self.live_run)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", line 134, in update
    if dn not in rdn_count_list[rdn_count]:
IndexError: list index out of range


• ipa-nis-manage uses unlocked global DNs. But it works!


• ipa-managed-entries still uses strings for DNs (see line 97), so it can't find the entries it manages (again due to AssertionError).
$ sudo ipa-managed-entries -l
Directory Manager password:

Unable to find managed entries at cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com



--
Petr³
From d70436d42186de3170e45ad4f383502619d15f7a Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Tue, 10 Jul 2012 04:33:06 -0400
Subject: [PATCH] fixup! dn conversion

---
 ipa-client/ipa-install/ipa-client-install |    2 +-
 ipaserver/plugins/ldap2.py                |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5f13126635d9705e6d808f60f02e7bba49d70baf..2b0bd819699f79c11b8e1a7e3e4e29048dde132b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1409,7 +1409,7 @@ def install(options, env, fstore, statestore):
                 root_logger.error("Test kerberos configuration failed")
                 return CLIENT_INSTALL_ERROR
             env['KRB5_CONFIG'] = krb_name
-            join_args = ["/usr/sbin/ipa-join", "-s", cli_server[0], "-b", realm_to_suffix(cli_realm)]
+            join_args = ["/usr/sbin/ipa-join", "-s", cli_server[0], "-b", str(realm_to_suffix(cli_realm))]
             if options.debug:
                 join_args.append("-d")
                 env['XMLRPC_TRACE_CURL'] = 'yes'
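Review bot: The `str()` added around `realm_to_suffix(cli_realm)` on the `join_args` line fixes only this one call site, and nothing here tells the next reader why the conversion is needed. The traceback in the message shows the TypeError surfacing inside `ipautil.run`, so any other argument list in this script that picks up a DN value will fail the same way. Suggest a one-line comment above `join_args` stating that argv entries must be plain strings, plus a pass over the other `run()` callers in this file for DN-valued arguments.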
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 3f7238f43ea325705f19f4f7be4cac3fbfee73fd..80d9134594d02e487679228cff2e097dd8345043 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -46,7 +46,7 @@
 import ldap.filter as _ldap_filter
 import ldap.sasl as _ldap_sasl
 from ipapython.dn import DN, RDN
-from ipaserver.ipautil import CIDict
+from ipapython.ipautil import CIDict
 from collections import namedtuple
 from ipalib.errors import NetworkError, DatabaseError
 
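Review bot: The import block around the corrected `CIDict` line still places the standard-library `from collections import namedtuple` between the `ipapython` and `ipalib` imports. Since this block is being touched anyway, consider moving the `collections` import up with the other non-project imports so that the project imports stay together; a wrong module path like the removed `ipaserver.ipautil` is then easier to spot by eye as well as by lint.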
-- 
1.7.10.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
