
Today's Topics:

   1. [Netdot - Feature #1652] Add support for LDAP over TLS
      ([email protected])
   2. [Netdot - Bug #1694] (New) Error committing patch for Feature
      #1652 ([email protected])
   3. [SCM] Netdot branch netdot-1.0 updated.
      netdot-1.0.1-80-gfade16b ([email protected])
   4. [SCM] Netdot branch master updated. netdot-1.0.1-91-gee1580e
      ([email protected])
   5. [Netdot - Bug #1694] (Resolved) Error committing patch for
      Feature #1652 ([email protected])
   6. [SCM] Netdot annotated tag netdot-1.0.2 created. netdot-1.0.2
      ([email protected])
   7. [Netdot] 'DownLoad' wiki page has been updated
      ([email protected])
   8. [Netdot] '102 ChangeLog' wiki page has been added
      ([email protected])
   9. Netdot 1.0.2 available for download (Carlos Vicente)


----------------------------------------------------------------------

Message: 1
Date: Mon, 8 Oct 2012 04:51:53 -0700
From: [email protected]
Subject: [Netdot-devel] [Netdot - Feature #1652] Add support for LDAP
        over    TLS
To: [email protected], [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8


Issue #1652 has been updated by Nick Hilliard.

File ldap-tls.diff added

Oops, Maciej's patch was committed incorrectly (34644607), and the problem was 
compounded by commit 8344306b. I've attached a patch to fix both of these 
problems.

The problem is that LDAP_EXTENSION_START_TLS is a constant, not a string token. 
If it's passed into $dse->supported_extension() as a string token, then that 
will always return false.  It's necessary to pull in the constant definition 
for LDAP_EXTENSION_START_TLS from Net::LDAP::Constant first, but it looks like 
this was missed in commit #34644607.
----------------------------------------
Feature #1652: Add support for LDAP over TLS
https://osl.uoregon.edu/redmine/issues/1652#change-2991

Author: Maciej Kazulak
Status: Resolved
Priority: High
Assignee: 
Category: 
Target version: 1.0.1-RC3
Resolution: fixed


Add support for LDAP over TLS. If server advertises TLS support then try to 
start TLS but continue if it fails. Fail only when NetdotLDAPRequireTLS is set 
to "yes".

<pre>
--- lib/Netdot/LDAP.pm.orig     2012-07-03 11:07:16.000000000 +0200
+++ lib/Netdot/LDAP.pm  2012-07-03 12:00:07.000000000 +0200
@@ -2,6 +2,7 @@ package Netdot::LDAP;
 use strict;
 use warnings;
 use Net::LDAP;
+use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);
 use Netdot::AuthLocal;
 
 =head1 NAME
@@ -111,6 +112,23 @@ sub check_credentials {
        }
     }
 
+    # start TLS
+    my $scheme = $ldap->scheme();
+    my $dse = $ldap->root_dse();
+    my $does_support_tls = $dse->supported_extension(LDAP_EXTENSION_START_TLS);
+    my $require_tls = ($r->dir_config("NetdotLDAPRequireTLS") eq "yes")? 1 : 0;
+    if ( $scheme eq "ldap" && ( $require_tls || $does_support_tls ) ) {
+        my $tls = $ldap->start_tls();
+        if ( $tls->code ) {
+            if ( $require_tls ) {
+                $r->log_error("Netdot::LDAP::check_credentials: Failed to 
start TLS, config requires TLS, cannot continue: " . $tls->error);
+                return 0;
+            } elsif ( $does_support_tls ) {
+                $r->log_warning("Netdot::LDAP::check_credentials: Failed to 
start TLS although server advertises TLS support: " . $tls->error);
+            }
+        }
+    }
+
     my $auth = $ldap->bind($user_dn, password=>$password);
     if ( $auth->code ) {
        $r->log_error("Netdot::LDAP::check_credentials: User $username failed 
LDAP authentication: " . $auth->error);
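Review bot: In the `elsif ( $does_support_tls )` branch a failed `start_tls()` is only logged, and control then reaches `$ldap->bind($user_dn, password=>$password)`, so the password goes out unencrypted on precisely the connections where TLS negotiation broke. Because `$does_support_tls` is read from the root DSE before any protection is in place, only `NetdotLDAPRequireTLS` set to "yes" gives a guarantee; either make that the documented recommendation next to this block or return 0 here as well. Two smaller points in the same hunk: `$dse` is used without checking that `root_dse()` returned an object, and `start_tls()` is called with no options, so certificate checking is left to whatever the library defaults to.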
</pre>


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://osl.uoregon.edu/redmine/my/account
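
The failure described in this message can be reproduced without a directory server. The Perl below is an added example, not code from Netdot or from the attached patch; the root DSE contents are constructed, and `tls_outcome` is a hypothetical helper that restates the patch's branch structure as a function.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::RootDSE;
use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);

# Constructed root DSE (no server involved). Servers list extensions in
# supportedExtension by OID; the first value is the StartTLS OID.
my $dse = Net::LDAP::RootDSE->new;
$dse->add( supportedExtension =>
      [ '1.3.6.1.4.1.1466.20037', '1.3.6.1.4.1.4203.1.11.1' ] );

# Quoted token: compared literally against the OIDs above, never matches.
my $as_string = $dse->supported_extension('LDAP_EXTENSION_START_TLS') ? 1 : 0;

# Imported constant: expands to the StartTLS OID and matches.
my $as_constant = $dse->supported_extension(LDAP_EXTENSION_START_TLS) ? 1 : 0;

die "string token unexpectedly matched\n" if $as_string;
die "constant did not match\n" unless $as_constant;

# Hypothetical helper: the patch's branch structure as a pure function that
# names what happens to the bind that follows.
sub tls_outcome {
    my (%a) = @_;
    return 'bind-without-starttls'
      unless $a{scheme} eq 'ldap' && ( $a{require_tls} || $a{supports_tls} );
    return 'bind-over-tls' if $a{start_tls_ok};
    return $a{require_tls} ? 'refuse-bind' : 'bind-in-cleartext';
}

# Compare the mis-committed check with the corrected one for a server that
# does offer StartTLS and completes the handshake.
for my $require ( 0, 1 ) {
    for my $case ( [ 'string token', $as_string ], [ 'constant', $as_constant ] ) {
        my ( $label, $supports ) = @$case;
        my $outcome = tls_outcome(
            scheme       => 'ldap',
            require_tls  => $require,
            supports_tls => $supports,
            start_tls_ok => 1,
        );
        printf "NetdotLDAPRequireTLS=%-3s %-12s supported=%d -> %s\n",
          ( $require ? 'yes' : 'no' ), $label, $supports, $outcome;
    }
}
```

With the quoted token and NetdotLDAPRequireTLS not set to "yes", the helper reports a bind without StartTLS even though the constructed server advertises the extension, and nothing is logged on that path.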


------------------------------

Message: 2
Date: Mon, 8 Oct 2012 05:05:08 -0700
From: [email protected]
Subject: [Netdot-devel] [Netdot - Bug #1694] (New) Error committing
        patch   for Feature #1652
To: [email protected], [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8


Issue #1694 has been reported by Nick Hilliard.

----------------------------------------
Bug #1694: Error committing patch for Feature #1652
https://osl.uoregon.edu/redmine/issues/1694

Author: Nick Hilliard
Status: New
Priority: High
Assignee: 
Category: Netdot
Target version: 1.0.2
Resolution: 


Oops, Maciej's patch for Feature #1652 was committed incorrectly 
(commit:34644607), and the problem was compounded by commit:8344306b. I've 
attached a patch to fix both of these problems.

The problem is that LDAP_EXTENSION_START_TLS is a constant, not a string token. 
If it's passed into $dse->supported_extension() as a string token, then that 
will always return false. It's necessary to pull in the constant definition for 
LDAP_EXTENSION_START_TLS from Net::LDAP::Constant first, but it looks like this 
was missed in commit:34644607.




------------------------------

Message: 3
Date: Mon, 8 Oct 2012 05:58:43 -0700
From: [email protected]
Subject: [Netdot-devel] [SCM] Netdot branch netdot-1.0 updated.
        netdot-1.0.1-80-gfade16b
To: [email protected]
Message-ID: <[email protected]>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Netdot".

The branch, netdot-1.0 has been updated
       via  fade16b38ed091bec903ab74bf59a613490dd3c9 (commit)
      from  15d7d49480c36632d18c904e159ba2f515f455d8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fade16b38ed091bec903ab74bf59a613490dd3c9
Author: Carlos Vicente <[email protected]>
Date:   Mon Oct 8 08:57:54 2012 -0400

    Fix for #1694: Error committing patch for Feature #1652

diff --git a/lib/Netdot/LDAP.pm b/lib/Netdot/LDAP.pm
index 8c344c1..5625db7 100644
--- a/lib/Netdot/LDAP.pm
+++ b/lib/Netdot/LDAP.pm
@@ -2,6 +2,7 @@ package Netdot::LDAP;
 use strict;
 use warnings;
 use Net::LDAP;
+use Net::LDAP::Constant qw(LDAP_EXTENSION_START_TLS);
 use Netdot::AuthLocal;
 
 =head1 NAME
@@ -120,7 +121,7 @@ sub check_credentials {
     # start TLS
     my $scheme = $ldap->scheme();
     my $dse = $ldap->root_dse();
-    my $does_support_tls = 
$dse->supported_extension('LDAP_EXTENSION_START_TLS');
+    my $does_support_tls = $dse->supported_extension(LDAP_EXTENSION_START_TLS);
     my $require_tls = ($r->dir_config("NetdotLDAPRequireTLS") eq "yes")? 1 : 0;
     if ( $scheme eq "ldap" && ( $require_tls || $does_support_tls ) ) {
         my $tls = $ldap->start_tls();
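Review bot: The quoted `'LDAP_EXTENSION_START_TLS'` on the removed line made `$does_support_tls` false without any error or log entry, and the corrected line still leaves that path silent: when the scheme is `ldap`, `$require_tls` is 0 and the extension is not advertised, nothing in view records that the following bind is unencrypted. Consider logging that case so a regression like this one shows up in the Apache log, and check `$dse` before calling `supported_extension()` in case `root_dse()` returns nothing. On the unchanged context line, `$r->dir_config("NetdotLDAPRequireTLS") eq "yes"` compares a possibly undefined value under `use warnings`; defaulting it to an empty string first avoids the warning when the directive is unset.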

-----------------------------------------------------------------------

Summary of changes:
 lib/Netdot/LDAP.pm |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
Netdot


------------------------------

Message: 4
Date: Mon, 8 Oct 2012 05:59:17 -0700
From: [email protected]
Subject: [Netdot-devel] [SCM] Netdot branch master updated.
        netdot-1.0.1-91-gee1580e
To: [email protected]
Message-ID: <[email protected]>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Netdot".

The branch, master has been updated
       via  ee1580e75e1dfe70d39449c721ac9e3c3ad99bfe (commit)
       via  fade16b38ed091bec903ab74bf59a613490dd3c9 (commit)
       via  15d7d49480c36632d18c904e159ba2f515f455d8 (commit)
       via  c2596e976d483d98684d46698e3596ac3c5abf38 (commit)
      from  3028142a05f9ee891e57e5db0398724abe79a96b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ee1580e75e1dfe70d39449c721ac9e3c3ad99bfe
Merge: 3028142 fade16b
Author: Carlos Vicente <[email protected]>
Date:   Mon Oct 8 08:58:31 2012 -0400

    Merge branch 'netdot-1.0'


-----------------------------------------------------------------------

Summary of changes:
 doc/UPGRADE        |   57 +++++++++++++++++++++-------------------------------
 lib/DBUTIL.pm      |    2 +-
 lib/Netdot/LDAP.pm |    3 +-
 upgrade/Makefile   |    2 +-
 upgrade/updatedb   |   11 ++++++++-
 5 files changed, 36 insertions(+), 39 deletions(-)




------------------------------

Message: 5
Date: Mon, 8 Oct 2012 06:00:22 -0700
From: [email protected]
Subject: [Netdot-devel] [Netdot - Bug #1694] (Resolved) Error
        committing      patch for Feature #1652
To: [email protected], [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8


Issue #1694 has been updated by Carlos Vicente.

Status changed from New to Resolved
Assignee set to Carlos Vicente
Resolution set to fixed


My bad for not checking. Thank you.

cv
----------------------------------------
Bug #1694: Error committing patch for Feature #1652
https://osl.uoregon.edu/redmine/issues/1694#change-2992

Author: Nick Hilliard
Status: Resolved
Priority: High
Assignee: Carlos Vicente
Category: Netdot
Target version: 1.0.2
Resolution: fixed




------------------------------

Message: 6
Date: Mon, 8 Oct 2012 06:26:17 -0700
From: [email protected]
Subject: [Netdot-devel] [SCM] Netdot annotated tag netdot-1.0.2
        created.        netdot-1.0.2
To: [email protected]
Message-ID: <[email protected]>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Netdot".

The annotated tag, netdot-1.0.2 has been created
        at  14dcb659f1cad69981c114892858bda863d945aa (tag)
   tagging  fade16b38ed091bec903ab74bf59a613490dd3c9 (commit)
  replaces  netdot-1.0.1
 tagged by  Carlos Vicente
        on  Mon Oct 8 09:25:26 2012 -0400

- Log -----------------------------------------------------------------
New release of the 1.0 branch

Carlos Vicente (80):
      Fixed syntax error in Netdot::LDAP
      Fixed bug in DhcpScope. Moving a subnet within a shared-network complained about invalid IP version
      Fix for #1681 (Netmask for default IPv4 Link Local ipblock is wrong)
      Fix for #1678 (Latest OS warning false positive in Model/OS report)
      Fix for #1676 (DNS Name Problems with suspicious characters #2)
      Allow insertion of new A/AAAA record from ip.html page, even if name already exists
      Fixed incorrect comparison operator in Ipblock::get_roots
      Changed how FWT and ARP tables are rotated. Copies of old tables will no longer be kept in the DB.
      Fixed missing  value in host.html
      Be selective about which IP tree version is rebuilt after importing DNS records
      Fixed typo in POD documentation
      Show warning about deleting asset when deleting device
      Fix for #1683 (Subnets not created on initial device discovery from web UI)
      Fixed problem when setting device site
      Avoid duplicate errors when inserting Juniper modules
      Find module asset from manufacturer different than device's
      Updated manual to include PTR in list of supported DNS records
      Support case insensitive searches when using Pg
      Fix for #1673 (Problem with permissions on more specific Ipblocks)
      Existing but available addresses not offered to regular user in manual select option
      Use faster Net::Patricia instead of Net::IPTrie
      Moved a check that was in the wrong class. Affected IPv6 ND discovery on ASA firewalls
      Fixed bug in recursive edit of Ipblock parameters which caused unintended changes. Added option for 'used_by' field too
      Fixed bug affecting Pg when inserting ARP info in DB
      Fix incorrect number of columns in subnet block view when masklen == 31
      Remove unnecessary call to Class::DBI's _default_attributes()
      A few corrections related to Net::Patricia use
      Merge branch 'net-patricia' into netdot-1.0
      Deal with vlan id == 0 from SNMP (#1687)
      Added patched Net::Patricia to package
      Correction to previous change
      Minor correction in Device query
      Fix for #1688 (unable to add PTR record after upgrade)
      Deal with incomplete ipAdEntIfIndex info
      Fixed problem with javascript path in IP recursive settings window
      Make sure that SUBNET_AUTO_RESERVE option also works if updating status to subnet, not just inserting a new block with subnet status
      A few corrections
      More corrections
      Correction
      Avoid alias RR to show as main record after adding in host.html
      DNS name validation for regular users was applied in wrong places. Added '*' as a valid character for DNS names (only admins can add)
      Fix for #1690: Wrong name when adding same manufacturer with different sysObjectOids
      #1689: Site Type Model Report showing Unknown instead of the manufacturer
      Small fix in SQL statement that affects Pg users
      Fixed bug in asset search
      Use bigserial instead of serial with Pg
      Avoid errors from Pg when value for varchar field is too long
      Fix for Bug #1675: Netdot 1.0.1 with localized PostgreSQL
      Avoid trying to match specific errors from DB. It doesn't work in other locales
      Ignore em* interfaces from Juniper devices
      Fix for 1691 (DeviceModule duplicates problem)
      Change order of Asset display fields
      Included aliases in Site label
      Merge branch 'netdot-1.0' of git+ssh://netdot.uoregon.edu//home/netdot/git/netdot into netdot-1.0
      Updated unit tests for Ipblock
      Several corrections to previous changes in Ipblock
      Merge branch 'netdot-1.0' of ssh://netdot.uoregon.edu//home/netdot/git/netdot into netdot-1.0
      Fixes related to Foundry CLI interface
      Cosmetic. Wrap some excessively long code lines
      Fixed incorrect assignment of Product type
      Minor correction
      Fix for #1685 (interface description is added in wrong column)
      Fix for #1684 (Custom attributes for subnets, containers, etc.)
      Avoid bogus interfaces with number=0
      Remove the requirement for sysServices
      Fix POD
      New DHCP subnet scopes were created with incorrect set of attributes due to wrong version check
      Updates to upgrade from 1.0.1 to 1.0.2
      Corrections
      Corrections
      More corrections
      Minor POD fixes
      Remove obsolete module
      Big POD documentation cleanup
      Added config option to specify what % of missing interfaces is tolerated for automated processes. Avoids problem of incorrectly deleting interfaces, ip addresses and dns records due to a truncated SNMP response
      Remove datacache contents while upgrading
      Modified install script to deal with patched Net::Patricia
      Corrections to upgrade script. Updated upgrade instructions
      Fix for Bug #1693 (population of default_data fails due to incorrect path)
      Fix for #1694: Error committing patch for Feature #1652

-----------------------------------------------------------------------




------------------------------

Message: 7
Date: Mon, 8 Oct 2012 06:40:32 -0700
From: [email protected]
Subject: [Netdot-devel] [Netdot] 'DownLoad' wiki page has been updated
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8


The 'DownLoad' wiki page has been updated by Carlos Vicente.


DownLoad:
https://osl.uoregon.edu/redmine/projects/netdot/wiki/DownLoad
View differences:
https://osl.uoregon.edu/redmine/projects/netdot/wiki/DownLoad/diff/49



------------------------------

Message: 8
Date: Mon, 8 Oct 2012 06:41:01 -0700
From: [email protected]
Subject: [Netdot-devel] [Netdot] '102 ChangeLog' wiki page has been
        added
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8


The '102 ChangeLog' wiki page has been added by Carlos Vicente.


https://osl.uoregon.edu/redmine/projects/netdot/wiki/102_ChangeLog



------------------------------

Message: 9
Date: Mon, 08 Oct 2012 09:53:58 -0400
From: Carlos Vicente <[email protected]>
Subject: [Netdot-devel] Netdot 1.0.2 available for download
To: netdot-users <[email protected]>,        netdot-devel
        <[email protected]>, netdot-announce
        <[email protected]>
Cc: "Steven G. Huter" <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Netdot community,

Netdot 1.0.2 has been released:

https://osl.uoregon.edu/redmine/projects/netdot/wiki/Download

This release includes many bug fixes and some important performance
improvements.

A small schema change is necessary. Make sure to read doc/UPGRADE for
specific instructions.

For a complete list of changes since 1.0.1, please refer to:

https://osl.uoregon.edu/redmine/projects/netdot/wiki/102_ChangeLog

Many thanks to all of you who submitted bug reports, patches and
suggestions!

Please report any bugs via the Redmine interface (e-mail registration
required):

https://osl.uoregon.edu/redmine/projects/netdot/issues

Thank you,

The Netdot Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iD8DBQFQctr1DADXcoYj2ZwRAoRVAJ0YEJwZWuNBkIHXJkt6zCcf2w/fjACfVXTs
1rcNaDvbNhcaHU7ahMa1sG8=
=LhCn
-----END PGP SIGNATURE-----


------------------------------

_______________________________________________
Netdot-devel mailing list
[email protected]
https://osl.uoregon.edu/mailman/listinfo/netdot-devel


End of Netdot-devel Digest, Vol 67, Issue 9
*******************************************
