Hello community,
here is the log from the commit of package yast2-ldap-client for
openSUSE:Factory
checked in at Thu Jun 9 09:23:20 CEST 2011.
--------
--- yast2-ldap-client/yast2-ldap-client.changes 2011-03-23 12:15:47.000000000
+0100
+++ /mounts/work_src_done/STABLE/yast2-ldap-client/yast2-ldap-client.changes
2011-06-07 11:58:28.000000000 +0200
@@ -1,0 +2,8 @@
+Tue Jun 7 11:55:14 CEST 2011 - jsuch...@suse.cz
+
+- make SSSD switch more prominent (fate#310820)
+- add options to set ldap_schema and enumerate in sssd.conf
+- adapted help texts
+- 2.21.5
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
yast2-ldap-client-2.21.4.tar.bz2
New:
----
yast2-ldap-client-2.21.5.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-ldap-client.spec ++++++
--- /var/tmp/diff_new_pack.wsQ8ul/_old 2011-06-09 09:22:41.000000000 +0200
+++ /var/tmp/diff_new_pack.wsQ8ul/_new 2011-06-09 09:22:41.000000000 +0200
@@ -19,16 +19,16 @@
Name: yast2-ldap-client
-Version: 2.21.4
+Version: 2.21.5
Release: 1
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-ldap-client-2.21.4.tar.bz2
+Source0: yast2-ldap-client-2.21.5.tar.bz2
Prefix: /usr
Group: System/YaST
-License: GPLv2+
+License: GPL v2 or later
BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2
yast2-devtools yast2-network yast2-pam yast2-testsuite
PreReq: %fillup_prereq
@@ -58,7 +58,7 @@
OpenLDAP server will be used for user authentication.
%prep
-%setup -n yast2-ldap-client-2.21.4
+%setup -n yast2-ldap-client-2.21.5
%build
%{prefix}/bin/y2tool y2autoconf
++++++ yast2-ldap-client-2.21.4.tar.bz2 -> yast2-ldap-client-2.21.5.tar.bz2
++++++
++++ 2725 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/yast2-ldap-client-2.21.4/VERSION new/yast2-ldap-client-2.21.5/VERSION
--- old/yast2-ldap-client-2.21.4/VERSION 2011-03-23 12:13:49.000000000
+0100
+++ new/yast2-ldap-client-2.21.5/VERSION 2011-06-07 11:55:36.000000000
+0200
@@ -1 +1 @@
-2.21.4
+2.21.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/yast2-ldap-client-2.21.4/configure.in
new/yast2-ldap-client-2.21.5/configure.in
--- old/yast2-ldap-client-2.21.4/configure.in 2011-01-21 14:41:38.000000000
+0100
+++ new/yast2-ldap-client-2.21.5/configure.in 2011-05-26 10:28:34.000000000
+0200
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-ldap-client, 2.20.9, http://bugs.opensuse.org/,
yast2-ldap-client)
+AC_INIT(yast2-ldap-client, 2.21.4, http://bugs.opensuse.org/,
yast2-ldap-client)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.20.9"
+VERSION="2.21.4"
RPMNAME="yast2-ldap-client"
MAINTAINER="Jiri Suchomel <jsuch...@suse.cz>"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/yast2-ldap-client-2.21.4/src/Ldap.ycp
new/yast2-ldap-client-2.21.5/src/Ldap.ycp
--- old/yast2-ldap-client-2.21.4/src/Ldap.ycp 2011-03-23 08:47:37.000000000
+0100
+++ new/yast2-ldap-client-2.21.5/src/Ldap.ycp 2011-06-07 11:56:03.000000000
+0200
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk <ku...@suse.de>
* Anas Nashif <nas...@suse.de>
*
- * $Id: Ldap.ycp 63626 2011-03-23 07:47:34Z jsuchome $
+ * $Id: Ldap.ycp 64249 2011-06-07 09:56:02Z jsuchome $
*/
{
@@ -321,6 +321,12 @@
// adress of KDC (key distribution centre) server for default realm
global string krb5_kdcip = "";
+ // ldap_schema argument of /etc/sssd/sssd.conf
+ global string sssd_ldap_schema = "rfc2307bis";
+
+ // enumerate users/group
+ global boolean sssd_enumerate = false;
+
//----------------------------------------------------------------
/**
@@ -434,6 +440,9 @@
tls_checkpeer = settings ["tls_checkpeer"]:"yes";
mkhomedir = settings ["mkhomedir"]:mkhomedir;
sssd = settings ["sssd"]:sssd;
+ sssd_ldap_schema= settings ["sssd_ldap_schema"]:sssd_ldap_schema;
+ sssd_enumerate = settings ["sssd_enumerate"]:sssd_enumerate;
+ sssd_cache_credentials = settings
["sssd_cache_credentials"]:sssd_cache_credentials;
krb5_realm = settings ["krb5_realm"]:krb5_realm;
krb5_kdcip = settings ["krb5_kdcip"]:krb5_kdcip;
if (_start_autofs)
@@ -498,6 +507,12 @@
e["krb5_realm"] = krb5_realm;
if (krb5_kdcip != "")
e["krb5_kdcip"] = krb5_kdcip;
+ if (sssd_ldap_schema != "rfc2307bis")
+ e["sssd_ldap_schema"] = sssd_ldap_schema;
+ if (sssd_enumerate)
+ e["sssd_enumerate"] = sssd_enumerate;
+ if (sssd_cache_credentials)
+ e["sssd_cache_credentials"] = sssd_cache_credentials;
return e;
}
@@ -903,8 +918,16 @@
string kdc = (string) SCR::Read (add (domain,
"krb5_kdcip"));
if (kdc != nil)
krb5_kdcip = kdc;
+ string schema = (string) SCR::Read (add (domain,
"ldap_schema"));
+ if (schema != nil)
+ {
+ sssd_ldap_schema= schema;
+ }
- sssd_cache_credentials = SCR::Read (add (domain,
"cache_credentials")) == "True";
+ string cache_credentials = (string)SCR::Read (add (domain,
"cache_credentials"));
+ sssd_cache_credentials = cache_credentials != nil && tolower
(cache_credentials) == "true";
+ string enumerate = (string)SCR::Read (add (domain,
"enumerate"));
+ sssd_enumerate = enumerate != nil && tolower
(enumerate) == "true";
}
if (krb5_realm != "" && krb5_kdcip != "")
{
@@ -2113,12 +2136,13 @@
string uri = sformat ("ldap://%1";, String::FirstChunk (server, "
\t"));
SCR::Write (add (domain, "ldap_uri"), uri);
SCR::Write (add (domain, "ldap_search_base"), base_dn);
- SCR::Write (add (domain, "ldap_schema"), "rfc2307bis");
+ SCR::Write (add (domain, "ldap_schema"), sssd_ldap_schema);
SCR::Write (add (domain, "id_provider"), "ldap");
SCR::Write (add (domain, "ldap_user_uuid"), "entryuuid");
SCR::Write (add (domain, "ldap_group_uuid"), "entryuuid");
SCR::Write (add (domain, "ldap_id_use_start_tls"), ldap_tls ? "True" :
"False");
+ SCR::Write (add (domain, "enumerate"), sssd_enumerate ? "True" :
"False");
SCR::Write (add (domain, "cache_credentials"), sssd_cache_credentials ?
"True" : "False");
SCR::Write (add (domain, "ldap_tls_cacertdir"), tls_cacertdir == "" ?
nil : tls_cacertdir);
SCR::Write (add (domain, "ldap_tls_cacert"), tls_cacertfile == "" ? nil
: tls_cacertfile);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/yast2-ldap-client-2.21.4/src/ui.ycp new/yast2-ldap-client-2.21.5/src/ui.ycp
--- old/yast2-ldap-client-2.21.4/src/ui.ycp 2011-03-23 11:41:00.000000000
+0100
+++ new/yast2-ldap-client-2.21.5/src/ui.ycp 2011-06-07 11:56:03.000000000
+0200
@@ -5,7 +5,7 @@
* Authors: Thorsten Kukuk <ku...@suse.de>
* Anas Nashif <nas...@suse.de>
*
- * $Id: ui.ycp 63351 2011-02-04 14:19:57Z jsuchome $
+ * $Id: ui.ycp 64249 2011-06-07 09:56:02Z jsuchome $
*
* All user interface functions.
*/
@@ -181,6 +181,9 @@
// help text 3.5/9
_("<p>To activate LDAP but forbid users from logging in to this
machine, select <b>Enable LDAP Users but Disable Logins</b>.</p>") +
+ // help text
+ _("<p>Check <b>Use System Security Services Daemon</b> if you want the
system to use SSSD instead of nss_ldap.</p>") +
+
// help text 4/9
_("<p>Enter the LDAP server's address (such as ldap.example.com or
10.20.0.2) in <b>Addresses</b> and the distinguished name of the search base
(<b>Base DN</b>, such as dc=example,dc=com). Specify multiple servers
by separating their addresses with spaces. It must be possible to resolve the
@@ -215,14 +218,13 @@
boolean installation =
Stage::cont () && !contains (WFM::Args (), "from_users");
boolean start = Ldap::start || installation;
-
+ boolean sssd = Ldap::sssd;
string base_dn = Ldap::GetBaseDN ();
string server = Ldap::server;
boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to
true if sssd is used
string tls_checkpeer = Ldap::tls_checkpeer;
boolean login_enabled = Ldap::login_enabled;
string certTmpFile = sformat ("%1/__LDAPcert.crt",
Directory::tmpdir);
- boolean sssd_cache_credentials = Ldap::sssd_cache_credentials;
boolean autofs = Ldap::_start_autofs;
term autofs_con = `Empty ();
if (Ldap::_autofs_allowed)
@@ -263,6 +265,11 @@
start && !login_enabled))
)))
),
+ `VSpacing (0.4),
+ `Left (`CheckBox (`id (`sssd), `opt (`notify),
+ // checkbox label
+ _("Use S&ystem Security Services Daemon (SSSD)"), sssd
+ )),
`VSpacing (0.4)
))),
`VSpacing (0.4),
@@ -302,8 +309,6 @@
), `HSpacing (0.5))),
autofs_con,
mkhomedir_term,
- // check box label
- `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD O&ffline
Authentication"), sssd_cache_credentials)),
`VSpacing(0.4),
// pushbutton label
`PushButton (`id(`advanced), _("&Advanced Configuration..."))
@@ -323,9 +328,8 @@
UI::ChangeWidget (`id(`server),`ValidChars, Address::ValidChars + " ");
UI::ChangeWidget (`id(`import_cert),`Enabled, ldap_tls);
- UI::ChangeWidget (`id(`sssd_cache_credentials),`Enabled, Ldap::sssd);
// do not alow to turn off TLS when SSSD is used
- UI::ChangeWidget (`id (`ldaps), `Enabled, !Ldap::sssd);
+ UI::ChangeWidget (`id (`ldaps), `Enabled, !sssd);
symbol result = `not_next;
do {
@@ -335,13 +339,17 @@
start = (rb != `ldapno);
login_enabled = (rb != `ldapnologin);
+ sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
server = (string) UI::QueryWidget(`id(`server), `Value);
ldap_tls = (boolean) UI::QueryWidget(`id(`ldaps), `Value);
mkhomedir = (boolean) UI::QueryWidget (`id(`mkhomedir),`Value);
- sssd_cache_credentials =
- (boolean) UI::QueryWidget
(`id(`sssd_cache_credentials), `Value);
UI::ChangeWidget (`id(`import_cert), `Enabled, ldap_tls);
+ if (result == `sssd)
+ {
+ UI::ChangeWidget (`id (`ldaps), `Enabled, !sssd);
+ }
+
if (result == `slp)
{
string srv = "";
@@ -555,7 +563,8 @@
Ldap::ldap_tls != ldap_tls || Ldap::_start_autofs != autofs ||
Ldap::login_enabled != login_enabled ||
Ldap::mkhomedir != mkhomedir ||
- Ldap::sssd_cache_credentials != sssd_cache_credentials)
+ Ldap::sssd != sssd
+ )
{
if (result == `next)
{
@@ -610,7 +619,7 @@
Ldap::_start_autofs = autofs;
Ldap::login_enabled = login_enabled;
Ldap::mkhomedir = mkhomedir;
- Ldap::sssd_cache_credentials = sssd_cache_credentials;
+ Ldap::sssd = sssd;
Ldap::modified = true;
}
}
@@ -629,11 +638,19 @@
// help text caption 1
_("<p><b>Advanced LDAP Client Settings</b></p>") +
+ (Ldap::sssd ?
+
+ // help text 1/3
+ _("<p>If Kerberos authentication should be used, specify the <b>realm</b>
and <b>KDC Address</b>.
+Determine if user credentials should be cached localy by checking <b>SSSD
Offline Authentication</b>.
+For more info about SSSD settings, check the man page of
<tt>sssd.conf</tt>.</p>
+") :
+
// help text 1/3
_("<p>Specify the search bases to use for specific maps (users, passwords,
and groups) if they are different from the base DN. These values are
set to the nss_base_passwd, nss_base_shadow, and nss_base_group attributes
in /etc/ldap.conf file.</p>
-") +
+")) +
// help text 2/3
_("<p><b>Password Change Protocol</b> refers to the pam_password attribute
of the <tt>/etc/ldap.conf</tt> file. See <tt>man pam_ldap</tt> for the meaning
of its values.</p>") +
@@ -712,10 +729,12 @@
boolean ldap_v2 = Ldap::ldap_v2;
string tls_cacertdir = Ldap::tls_cacertdir;
string tls_cacertfile = Ldap::tls_cacertfile;
- boolean sssd = Ldap::sssd;
string krb5_realm = Ldap::krb5_realm;
string krb5_kdcip = Ldap::krb5_kdcip;
boolean sssd_with_krb = Ldap::sssd_with_krb;
+ string sssd_ldap_schema = Ldap::sssd_ldap_schema;
+ boolean sssd_enumerate = Ldap::sssd_enumerate;
+ boolean sssd_cache_credentials = Ldap::sssd_cache_credentials;
list<term>member_attributes = [
`item (`id("member"), "member", member_attribute == "member"),
@@ -747,6 +766,10 @@
`item (`id (it), it, it == pam_password)
))
);
+ list<string> ldap_schemas = [
+ "rfc2307",
+ "rfc2307bis"
+ ];
list ppolicy_list = [];
@@ -876,14 +899,34 @@
term get_frame_krb () {
return
// frame label
- `Frame (_("Basic Kerberos Settings"), `HBox (`HSpacing (1), `VBox (
+ `Frame (_("Basic SSSD Settings"), `HBox (`HSpacing (1), `VBox (
// checkbox label
`Left (`CheckBox (`id (`sssd_with_krb), `opt (`notify), _("&Use
Kerberos"), sssd_with_krb)),
`VSpacing(0.4),
- // textentry label
- `TextEntry (`id (`krb5_realm), _("Default Real&m"), krb5_realm),
- // textentry label
- `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"),
krb5_kdcip),
+ `HBox (
+ // textentry label
+ `TextEntry (`id (`krb5_realm), _("Default Real&m"),
krb5_realm),
+ // textentry label
+ `TextEntry (`id (`krb5_kdcip), _("&KDC Server Address"),
krb5_kdcip)
+ ),
+ // combobox label
+ `ComboBox (`id (`sssd_ldap_schema), `opt (`notify, `hstretch),
_("LDAP Schema"),
+ maplist (string s, ldap_schemas, ``(`item (`id (s), s,
s == sssd_ldap_schema)))
+ ),
+ `VSpacing (0.4),
+ `HBox (
+ `HSpacing (0.4),
+ // checkbox label
+ `Left (`CheckBox (`id (`sssd_enumerate), _("Enable user and
group enumeration"),
+ sssd_enumerate))
+ ),
+ `VSpacing (0.4),
+ `HBox (
+ `HSpacing (0.4),
+ // check box label
+ `Left (`CheckBox (`id (`sssd_cache_credentials), _("SSSD
O&ffline Authentication"),
+ sssd_cache_credentials))
+ ),
`VSpacing (0.4)
), `HSpacing (1)));
}
@@ -892,14 +935,11 @@
term cont = `Top (`HBox(`HSpacing (5), `VBox(
`VSpacing(0.4),
- `Left (`CheckBox (`id (`sssd), `opt (`notify), _("Use S&ystem
Security Services Daemon (SSSD)"), sssd)),
- `VSpacing(0.4),
- `ReplacePoint (`id (`rp_frame), `VBox (sssd ? get_frame_krb () :
get_frame_nss ())),
+ `VBox (Ldap::sssd ? get_frame_krb () : get_frame_nss ()),
`VSpacing (0.4),
`ComboBox (`id (`pam_password), `opt(`notify,`hstretch,`editable),
// combobox label
_("Passwor&d Change Protocol"), pam_password_items),
- `VSpacing(0.4),
`ComboBox (`id (`group_style), `opt (`notify, `hstretch),
// combobox label
_("Group Member &Attribute"), member_attributes),
@@ -933,7 +973,7 @@
UI::ReplaceWidget (`tabContents, cont);
if (has_tabs)
UI::ChangeWidget (`id (`tabs), `CurrentItem, `client);
- if (sssd)
+ if (Ldap::sssd)
{
UI::ChangeWidget (`id (`krb5_realm), `Enabled, sssd_with_krb);
UI::ChangeWidget (`id (`krb5_kdcip), `Enabled, sssd_with_krb);
@@ -1034,12 +1074,18 @@
{
member_attribute =(string)UI::QueryWidget(`id(`group_style),`Value);
- if (sssd)
+ if (Ldap::sssd)
{
krb5_realm = (string)
UI::QueryWidget (`id (`krb5_realm), `Value);
krb5_kdcip = (string)
UI::QueryWidget (`id (`krb5_kdcip), `Value);
+ sssd_cache_credentials = (boolean)
+ UI::QueryWidget (`id (`sssd_cache_credentials), `Value);
+ sssd_enumerate = (boolean)
+ UI::QueryWidget (`id (`sssd_enumerate), `Value);
+ sssd_ldap_schema= (string)
+ UI::QueryWidget (`id (`sssd_ldap_schema), `Value);
}
else
{
@@ -1110,11 +1156,6 @@
UI::ChangeWidget (`id(br2entry[result]:nil), `Value, dn);
}
}
- if (result == `sssd)
- {
- sssd = (boolean) UI::QueryWidget (`id (`sssd), `Value);
- UI::ReplaceWidget (`id (`rp_frame), sssd ? get_frame_krb () :
get_frame_nss ());
- }
if (result == `sssd_with_krb)
{
sssd_with_krb = (boolean) UI::QueryWidget (`id
(`sssd_with_krb), `Value);
@@ -1295,7 +1336,7 @@
Ldap::ppolicies[dn] = pp;
}
});
- if (krb5_realm == "" || krb5_kdcip == "" || !sssd)
+ if (krb5_realm == "" || krb5_kdcip == "" || !Ldap::sssd)
sssd_with_krb = false;
if (Ldap::GetMainConfigDN() != base_config_dn ||
@@ -1310,9 +1351,11 @@
Ldap::ldap_v2 != ldap_v2 ||
Ldap::tls_cacertdir != tls_cacertdir ||
Ldap::tls_cacertfile != tls_cacertfile ||
- Ldap::sssd != sssd ||
Ldap::krb5_realm != krb5_realm ||
- Ldap::krb5_kdcip != krb5_kdcip
+ Ldap::krb5_kdcip != krb5_kdcip ||
+ Ldap::sssd_cache_credentials != sssd_cache_credentials ||
+ Ldap::sssd_enumerate != sssd_enumerate ||
+ Ldap::sssd_ldap_schema != sssd_ldap_schema
)
{
Ldap::bind_dn = bind_dn;
@@ -1327,10 +1370,12 @@
Ldap::ldap_v2 = ldap_v2;
Ldap::tls_cacertdir = tls_cacertdir;
Ldap::tls_cacertfile = tls_cacertfile;
- Ldap::sssd = sssd;
Ldap::krb5_realm = krb5_realm;
Ldap::krb5_kdcip = krb5_kdcip;
Ldap::sssd_with_krb = sssd_with_krb;
+ Ldap::sssd_cache_credentials = sssd_cache_credentials;
+ Ldap::sssd_enumerate = sssd_enumerate;
+ Ldap::sssd_ldap_schema = sssd_ldap_schema;
Ldap::modified = true;
}
break;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
