Hello community, here is the log from the commit of package yast2-ldap-client for openSUSE:Factory checked in at Thu Jun 9 09:23:20 CEST 2011.
-------- --- yast2-ldap-client/yast2-ldap-client.changes 2011-03-23 12:15:47.000000000 +0100 +++ /mounts/work_src_done/STABLE/yast2-ldap-client/yast2-ldap-client.changes 2011-06-07 11:58:28.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Jun 7 11:55:14 CEST 2011 - jsuch...@suse.cz + +- make SSSD switch more prominent (fate#310820) +- add options to set ldap_schema and enumerate in sssd.conf +- adapted help texts +- 2.21.5 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-ldap-client-2.21.4.tar.bz2 New: ---- yast2-ldap-client-2.21.5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-ldap-client.spec ++++++ --- /var/tmp/diff_new_pack.wsQ8ul/_old 2011-06-09 09:22:41.000000000 +0200 +++ /var/tmp/diff_new_pack.wsQ8ul/_new 2011-06-09 09:22:41.000000000 +0200 @@ -19,16 +19,16 @@ Name: yast2-ldap-client -Version: 2.21.4 +Version: 2.21.5 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-ldap-client-2.21.4.tar.bz2 +Source0: yast2-ldap-client-2.21.5.tar.bz2 Prefix: /usr Group: System/YaST -License: GPLv2+ +License: GPL v2 or later BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2 yast2-devtools yast2-network yast2-pam yast2-testsuite PreReq: %fillup_prereq 
@@ -58,7 +58,7 @@ OpenLDAP server will be used for user authentication. %prep -%setup -n yast2-ldap-client-2.21.4 +%setup -n yast2-ldap-client-2.21.5 %build %{prefix}/bin/y2tool y2autoconf ++++++ yast2-ldap-client-2.21.4.tar.bz2 -> yast2-ldap-client-2.21.5.tar.bz2 ++++++ ++++ 2725 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-ldap-client-2.21.4/VERSION new/yast2-ldap-client-2.21.5/VERSION --- old/yast2-ldap-client-2.21.4/VERSION 2011-03-23 12:13:49.000000000 +0100 +++ new/yast2-ldap-client-2.21.5/VERSION 2011-06-07 11:55:36.000000000 +0200 @@ -1 +1 @@ -2.21.4 +2.21.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-ldap-client-2.21.4/configure.in new/yast2-ldap-client-2.21.5/configure.in --- old/yast2-ldap-client-2.21.4/configure.in 2011-01-21 14:41:38.000000000 +0100 +++ new/yast2-ldap-client-2.21.5/configure.in 2011-05-26 10:28:34.000000000 +0200 @@ -3,7 +3,7 @@ dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-ldap-client, 2.20.9, http://bugs.opensuse.org/, yast2-ldap-client) +AC_INIT(yast2-ldap-client, 2.21.4, http://bugs.opensuse.org/, yast2-ldap-client) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) 
@@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.20.9" +VERSION="2.21.4" RPMNAME="yast2-ldap-client" MAINTAINER="Jiri Suchomel <jsuch...@suse.cz>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-ldap-client-2.21.4/src/Ldap.ycp new/yast2-ldap-client-2.21.5/src/Ldap.ycp --- old/yast2-ldap-client-2.21.4/src/Ldap.ycp 2011-03-23 08:47:37.000000000 +0100 +++ new/yast2-ldap-client-2.21.5/src/Ldap.ycp 2011-06-07 11:56:03.000000000 +0200 @@ -5,7 +5,7 @@ * Authors: Thorsten Kukuk <ku...@suse.de> * Anas Nashif <nas...@suse.de> * - * $Id: Ldap.ycp 63626 2011-03-23 07:47:34Z jsuchome $ + * $Id: Ldap.ycp 64249 2011-06-07 09:56:02Z jsuchome $ */ { @@ -321,6 +321,12 @@ // adress of KDC (key distribution centre) server for default realm global string krb5_kdcip = ""; + // ldap_schema argument of /etc/sssd/sssd.conf + global string sssd_ldap_schema = "rfc2307bis"; + + // enumerate users/group + global boolean sssd_enumerate = false; + //---------------------------------------------------------------- /** @@ -434,6 +440,9 @@ tls_checkpeer = settings ["tls_checkpeer"]:"yes"; mkhomedir = settings ["mkhomedir"]:mkhomedir; sssd = settings ["sssd"]:sssd; + sssd_ldap_schema= settings ["sssd_ldap_schema"]:sssd_ldap_schema; + sssd_enumerate = settings ["sssd_enumerate"]:sssd_enumerate; + sssd_cache_credentials = settings ["sssd_cache_credentials"]:sssd_cache_credentials; krb5_realm = settings ["krb5_realm"]:krb5_realm; krb5_kdcip = settings ["krb5_kdcip"]:krb5_kdcip; if (_start_autofs) 
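Review bot: The Import hunk of src/Ldap.ycp (@@ -434,6) copies `sssd_ldap_schema` from the settings map without checking it, and the Write hunk (@@ -2113,12) later stores that string as `ldap_schema` in the SSSD domain section. The dialog is limited to "rfc2307" and "rfc2307bis", so an imported profile is the one path where a mistyped or unsupported value can reach sssd.conf unnoticed. I would check the imported value against the supported list and fall back to the default, e.g. `if (!contains (["rfc2307", "rfc2307bis"], sssd_ldap_schema)) sssd_ldap_schema = "rfc2307bis";` directly after the lookup. Import's body starts and ends outside the hunk.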
@@ -498,6 +507,12 @@ e["krb5_realm"] = krb5_realm; if (krb5_kdcip != "") e["krb5_kdcip"] = krb5_kdcip; + if (sssd_ldap_schema != "rfc2307bis") + e["sssd_ldap_schema"] = sssd_ldap_schema; + if (sssd_enumerate) + e["sssd_enumerate"] = sssd_enumerate; + if (sssd_cache_credentials) + e["sssd_cache_credentials"] = sssd_cache_credentials; return e; } @@ -903,8 +918,16 @@ string kdc = (string) SCR::Read (add (domain, "krb5_kdcip")); if (kdc != nil) krb5_kdcip = kdc; + string schema = (string) SCR::Read (add (domain, "ldap_schema")); + if (schema != nil) + { + sssd_ldap_schema= schema; + } - sssd_cache_credentials = SCR::Read (add (domain, "cache_credentials")) == "True"; + string cache_credentials = (string)SCR::Read (add (domain, "cache_credentials")); + sssd_cache_credentials = cache_credentials != nil && tolower (cache_credentials) == "true"; + string enumerate = (string)SCR::Read (add (domain, "enumerate")); + sssd_enumerate = enumerate != nil && tolower (enumerate) == "true"; } if (krb5_realm != "" && krb5_kdcip != "") { 
@@ -2113,12 +2136,13 @@ string uri = sformat ("ldap://%1", String::FirstChunk (server, " \t")); SCR::Write (add (domain, "ldap_uri"), uri); SCR::Write (add (domain, "ldap_search_base"), base_dn); - SCR::Write (add (domain, "ldap_schema"), "rfc2307bis"); + SCR::Write (add (domain, "ldap_schema"), sssd_ldap_schema); SCR::Write (add (domain, "id_provider"), "ldap"); SCR::Write (add (domain, "ldap_user_uuid"), "entryuuid"); SCR::Write (add (domain, "ldap_group_uuid"), "entryuuid"); SCR::Write (add (domain, "ldap_id_use_start_tls"), ldap_tls ? "True" : "False"); + SCR::Write (add (domain, "enumerate"), sssd_enumerate ? "True" : "False"); SCR::Write (add (domain, "cache_credentials"), sssd_cache_credentials ? "True" : "False"); SCR::Write (add (domain, "ldap_tls_cacertdir"), tls_cacertdir == "" ? nil : tls_cacertdir); SCR::Write (add (domain, "ldap_tls_cacert"), tls_cacertfile == "" ? nil : tls_cacertfile); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-ldap-client-2.21.4/src/ui.ycp new/yast2-ldap-client-2.21.5/src/ui.ycp --- old/yast2-ldap-client-2.21.4/src/ui.ycp 2011-03-23 11:41:00.000000000 +0100 +++ new/yast2-ldap-client-2.21.5/src/ui.ycp 2011-06-07 11:56:03.000000000 +0200 @@ -5,7 +5,7 @@ * Authors: Thorsten Kukuk <ku...@suse.de> * Anas Nashif <nas...@suse.de> * - * $Id: ui.ycp 63351 2011-02-04 14:19:57Z jsuchome $ + * $Id: ui.ycp 64249 2011-06-07 09:56:02Z jsuchome $ * * All user interface functions. */ 
@@ -181,6 +181,9 @@ // help text 3.5/9 _("<p>To activate LDAP but forbid users from logging in to this machine, select <b>Enable LDAP Users but Disable Logins</b>.</p>") + + // help text + _("<p>Check <b>Use System Security Services Daemon</b> if you want the system to use SSSD instead of nss_ldap.</p>") + + // help text 4/9 _("<p>Enter the LDAP server's address (such as ldap.example.com or 10.20.0.2) in <b>Addresses</b> and the distinguished name of the search base (<b>Base DN</b>, such as dc=example,dc=com). Specify multiple servers by separating their addresses with spaces. It must be possible to resolve the @@ -215,14 +218,13 @@ boolean installation = Stage::cont () && !contains (WFM::Args (), "from_users"); boolean start = Ldap::start || installation; - + boolean sssd = Ldap::sssd; string base_dn = Ldap::GetBaseDN (); string server = Ldap::server; boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used string tls_checkpeer = Ldap::tls_checkpeer; boolean login_enabled = Ldap::login_enabled; string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir); - boolean sssd_cache_credentials = Ldap::sssd_cache_credentials; boolean autofs = Ldap::_start_autofs; term autofs_con = `Empty (); if (Ldap::_autofs_allowed) @@ -263,6 +265,11 @@ start && !login_enabled)) ))) ), + `VSpacing (0.4), + `Left (`CheckBox (`id (`sssd), `opt (`notify), + // checkbox label + _("Use S&ystem Security Services Daemon (SSSD)"), sssd + )), `VSpacing (0.4) ))), `VSpacing (0.4), @@ -302,8 +309,6 @@ ), `HSpacing (0.5))), autofs_con, mkhomedir_term, - // check box label - `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD O&ffline Authentication"), sssd_cache_credentials)), `VSpacing(0.4), // pushbutton label `PushButton (`id(`advanced), _("&Advanced Configuration...")) 
@@ -323,9 +328,8 @@ UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " "); UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls); - UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd); // do not alow to turn off TLS when SSSD is used - UI::ChangeWidget (`id (`ldaps), `Enabled, !Ldap::sssd); + UI::ChangeWidget (`id (`ldaps), `Enabled, !sssd); symbol result = `not_next; do { @@ -335,13 +339,17 @@ start = (rb != `ldapno); login_enabled = (rb != `ldapnologin); + sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value); server = (string) UI::QueryWidget(`id(`server), `Value); ldap_tls = (boolean) UI::QueryWidget(`id(`ldaps), `Value); mkhomedir = (boolean) UI::QueryWidget (`id(`mkhomedir),`Value); - sssd_cache_credentials = - (boolean) UI::QueryWidget (`id(`sssd_cache_credentials), `Value); UI::ChangeWidget (`id(`import_cert), `Enabled, ldap_tls); + if (result == `sssd) + { + UI::ChangeWidget (`id (`ldaps), `Enabled, !sssd); + } + if (result == `slp) { string srv = ""; @@ -555,7 +563,8 @@ Ldap::ldap_tls != ldap_tls || Ldap::_start_autofs != autofs || Ldap::login_enabled != login_enabled || Ldap::mkhomedir != mkhomedir || - Ldap::sssd_cache_credentials != sssd_cache_credentials) + Ldap::sssd != sssd + ) { if (result == `next) { @@ -610,7 +619,7 @@ Ldap::_start_autofs = autofs; Ldap::login_enabled = login_enabled; Ldap::mkhomedir = mkhomedir; - Ldap::sssd_cache_credentials = sssd_cache_credentials; + Ldap::sssd = sssd; Ldap::modified = true; } } 
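Review bot: In the @@ -335,13 hunk, ticking the new SSSD checkbox only disables the `ldaps` widget; it does not set the widget's value, and `ldap_tls` has already been read from that widget earlier in the same loop pass. A user who has TLS unticked and then enables SSSD therefore keeps `ldap_tls` false, which bypasses the rule in the @@ -323,9 hunk that TLS must not be turned off under SSSD, and, as far as the Write hunk in Ldap.ycp shows, is saved as `ldap_id_use_start_tls` "False". Before this change the SSSD switch lived in the advanced dialog, so the `Ldap::ldap_tls || Ldap::sssd` initialisation at dialog start was sufficient. Inside the branch for the `sssd` event I would, when `sssd` is true, also set the `ldaps` value to true, assign `ldap_tls = true` and re-enable `import_cert`. The loop body continues outside the hunk.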
@@ -629,11 +638,19 @@ // help text caption 1 _("<p><b>Advanced LDAP Client Settings</b></p>") + + (Ldap::sssd ? + + // help text 1/3 + _("<p>If Kerberos authentication should be used, specify the <b>realm</b> and <b>KDC Address</b>. +Determine if user credentials should be cached localy by checking <b>SSSD Offline Authentication</b>. +For more info about SSSD settings, check the man page of <tt>sssd.conf</tt>.</p> +") : + // help text 1/3 _("<p>Specify the search bases to use for specific maps (users, passwords, and groups) if they are different from the base DN. These values are set to the nss_base_passwd, nss_base_shadow, and nss_base_group attributes in /etc/ldap.conf file.</p> -") + +")) + // help text 2/3 _("<p><b>Password Change Protocol</b> refers to the pam_password attribute of the <tt>/etc/ldap.conf</tt> file. See <tt>man pam_ldap</tt> for the meaning of its values.</p>") + @@ -712,10 +729,12 @@ boolean ldap_v2 = Ldap::ldap_v2; string tls_cacertdir = Ldap::tls_cacertdir; string tls_cacertfile = Ldap::tls_cacertfile; - boolean sssd = Ldap::sssd; string krb5_realm = Ldap::krb5_realm; string krb5_kdcip = Ldap::krb5_kdcip; boolean sssd_with_krb = Ldap::sssd_with_krb; + string sssd_ldap_schema = Ldap::sssd_ldap_schema; + boolean sssd_enumerate = Ldap::sssd_enumerate; + boolean sssd_cache_credentials = Ldap::sssd_cache_credentials; list<term>member_attributes = [ `item (`id("member"), "member", member_attribute == "member"), @@ -747,6 +766,10 @@ `item (`id (it), it, it == pam_password) )) ); + list<string> ldap_schemas = [ + "rfc2307", + "rfc2307bis" + ]; list ppolicy_list = []; 
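Review bot: The SSSD help text added in the @@ -629,11 hunk covers Kerberos and offline authentication but not the two options this commit introduces, LDAP Schema and user/group enumeration. A sentence on each would help the admin decide, in particular that offline authentication keeps credentials cached on the local machine and that the schema must match what the directory server uses. The new string also contains the typo `localy` for `locally`, which is cheaper to fix before translators pick it up. Help text 2/3 right after it still describes pam_password in /etc/ldap.conf for both modes, which may not apply when SSSD is selected and is worth confirming.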
@@ -876,14 +899,34 @@ term get_frame_krb () { return // frame label - `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox ( + `Frame (_("Basic SSSD Settings"), `HBox (`HSpacing (1), `VBox ( // checkbox label `Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use Kerberos"), sssd_with_krb)), `VSpacing(0.4), - // textentry label - `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm), - // textentry label - `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"), krb5_kdcip), + `HBox ( + // textentry label + `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm), + // textentry label + `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"), krb5_kdcip) + ), + // combobox label + `ComboBox (`id (`sssd_ldap_schema), `opt (`notify, `hstretch), _("LDAP Schema"), + maplist (string s, ldap_schemas, ``(`item (`id (s), s, s == sssd_ldap_schema))) + ), + `VSpacing (0.4), + `HBox ( + `HSpacing (0.4), + // checkbox label + `Left (`CheckBox (`id (`sssd_enumerate), _("Enable user and group enumeration"), + sssd_enumerate)) + ), + `VSpacing (0.4), + `HBox ( + `HSpacing (0.4), + // check box label + `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD O&ffline Authentication"), + sssd_cache_credentials)) + ), `VSpacing (0.4) ), `HSpacing (1))); } @@ -892,14 +935,11 @@ term cont = `Top (`HBox(`HSpacing (5), `VBox( `VSpacing(0.4), - `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem Security Services Daemon (SSSD)"), sssd)), - `VSpacing(0.4), - `ReplacePoint (`id (`rp_frame), `VBox (sssd ? get_frame_krb () : get_frame_nss ())), + `VBox (Ldap::sssd ? get_frame_krb () : get_frame_nss ()), `VSpacing (0.4), `ComboBox (`id (`pam_password), `opt(`notify,`hstretch,`editable), // combobox label _("Passwor&d Change Protocol"), pam_password_items), - `VSpacing(0.4), `ComboBox (`id (`group_style), `opt (`notify, `hstretch), // combobox label _("Group Member &Attribute"), member_attributes), 
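Review bot: The non-editable combo box built in the @@ -876,14 hunk offers only the two entries of `ldap_schemas` ("rfc2307", "rfc2307bis", declared in @@ -747,6), while Read in Ldap.ycp stores whatever `ldap_schema` it finds in sssd.conf. With any other existing value no item is preselected, and since the OK path queries the widget and compares the result with `Ldap::sssd_ldap_schema`, confirming the dialog would presumably rewrite the schema without the user asking for it. I would keep the current value selectable, e.g. `if (!contains (ldap_schemas, sssd_ldap_schema)) ldap_schemas = add (ldap_schemas, sssd_ldap_schema);` before the frame is built. get_frame_krb now returns the general SSSD frame, so a name such as get_frame_sssd would read better.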
@@ -933,7 +973,7 @@ UI::ReplaceWidget (`tabContents, cont); if (has_tabs) UI::ChangeWidget (`id (`tabs), `CurrentItem, `client); - if (sssd) + if (Ldap::sssd) { UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb); UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb); @@ -1034,12 +1074,18 @@ { member_attribute =(string)UI::QueryWidget(`id(`group_style),`Value); - if (sssd) + if (Ldap::sssd) { krb5_realm = (string) UI::QueryWidget (`id (`krb5_realm), `Value); krb5_kdcip = (string) UI::QueryWidget (`id (`krb5_kdcip), `Value); + sssd_cache_credentials = (boolean) + UI::QueryWidget (`id (`sssd_cache_credentials), `Value); + sssd_enumerate = (boolean) + UI::QueryWidget (`id (`sssd_enumerate), `Value); + sssd_ldap_schema= (string) + UI::QueryWidget (`id (`sssd_ldap_schema), `Value); } else { @@ -1110,11 +1156,6 @@ UI::ChangeWidget (`id(br2entry[result]:nil), `Value, dn); } } - if (result == `sssd) - { - sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value); - UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () : get_frame_nss ()); - } if (result == `sssd_with_krb) { sssd_with_krb = (boolean) UI::QueryWidget (`id (`sssd_with_krb), `Value); @@ -1295,7 +1336,7 @@ Ldap::ppolicies[dn] = pp; } }); - if (krb5_realm == "" || krb5_kdcip == "" || !sssd) + if (krb5_realm == "" || krb5_kdcip == "" || !Ldap::sssd) sssd_with_krb = false; if (Ldap::GetMainConfigDN() != base_config_dn || @@ -1310,9 +1351,11 @@ Ldap::ldap_v2 != ldap_v2 || Ldap::tls_cacertdir != tls_cacertdir || Ldap::tls_cacertfile != tls_cacertfile || - Ldap::sssd != sssd || Ldap::krb5_realm != krb5_realm || - Ldap::krb5_kdcip != krb5_kdcip + Ldap::krb5_kdcip != krb5_kdcip || + Ldap::sssd_cache_credentials != sssd_cache_credentials || + Ldap::sssd_enumerate != sssd_enumerate || + Ldap::sssd_ldap_schema != sssd_ldap_schema ) { Ldap::bind_dn = bind_dn; 
@@ -1327,10 +1370,12 @@ Ldap::ldap_v2 = ldap_v2; Ldap::tls_cacertdir = tls_cacertdir; Ldap::tls_cacertfile = tls_cacertfile; - Ldap::sssd = sssd; Ldap::krb5_realm = krb5_realm; Ldap::krb5_kdcip = krb5_kdcip; Ldap::sssd_with_krb = sssd_with_krb; + Ldap::sssd_cache_credentials = sssd_cache_credentials; + Ldap::sssd_enumerate = sssd_enumerate; + Ldap::sssd_ldap_schema = sssd_ldap_schema; Ldap::modified = true; } break; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org