Martin Kosek wrote:
On Wed, 2011-10-12 at 23:54 -0400, Rob Crittenden wrote:
The has_upg() check was created during a transition period for 389-ds.
It is no longer needed and is actually breaking things. The location of the
UPG template moved, so the check thinks the feature is not available. This
makes the user's primary group ipausers instead of the UPG.
rob
Shouldn't we remove has_managed_entries() and its use too? After all, we
claim that this patch fixes #1242 which asks for has_managed_entries()
removal.
Martin
Updated patch attached. It removes has_managed_entries().
rob
>From 0210fc24b555e054b92be25f90f3cc380138bbea Mon Sep 17 00:00:00 2001
From: Rob Crittenden <[email protected]>
Date: Wed, 12 Oct 2011 17:00:50 -0400
Subject: [PATCH] Disable has_upg() check. This was breaking gid == uid when
adding users.
The location of the UPG template moved which caused has_upg() to return
False so gid was not being set to uid.
Also remove the equivalent has_managed_entries() check in DS installer.
https://fedorahosted.org/freeipa/ticket/1964
https://fedorahosted.org/freeipa/ticket/1242
remove more
---
ipalib/plugins/user.py | 2 +-
ipaserver/install/dsinstance.py | 30 ------------------------------
ipaserver/plugins/ldap2.py | 21 ---------------------
3 files changed, 1 insertions(+), 52 deletions(-)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 35866d6..b905b7b 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -405,7 +405,7 @@ class user_add(LDAPCreate):
if 'gidnumber' not in entry_attrs:
# gidNumber wasn't specified explicity, find out what it should be
- if not options.get('noprivate', False) and ldap.has_upg():
+ if not options.get('noprivate', False):
# User Private Groups - uidNumber == gidNumber
entry_attrs['gidnumber'] = entry_attrs['uidnumber']
else:
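Review bot: With `ldap.has_upg()` removed, the `if not options.get('noprivate', False):` branch sets `gidnumber` to `uidnumber` with no check that a user-private group will actually be created for the new entry. The same commit also drops the installer's `has_managed_entries()` precondition, so nothing visible here verifies that the Managed Entries plugin or UPG template is present. If either is missing or disabled on a deployment, the user would presumably end up with a primary GID that no group owns, and a group later created with that number would inherit group access to the user's files. Consider confirming after the add that the private group exists, or at least recording the assumption with a comment such as `# Assumes the Managed Entries plugin creates the private group; otherwise gid == uid is dangling`. The enclosing method starts and ends outside this hunk.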
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index cd2a216..809beee 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -110,26 +110,6 @@ def check_ports():
def is_ds_running():
return ipaservices.knownservices.dirsrv.is_running()
-def has_managed_entries(host_name, dm_password):
- """Check to see if the Managed Entries plugin is available"""
- ldapuri = 'ldap://%s' % ipautil.format_netloc(host_name)
- conn = None
- try:
- conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='cn=config')
- conn.connect(bind_dn='cn=Directory Manager', bind_pw=dm_password)
- (dn, attrs) = conn.get_entry('cn=Managed Entries,cn=plugins',
- ['*'], time_limit=2, size_limit=3000)
- return True
- except errors.NotFound:
- return False
- except errors.ExecutionError, e:
- logging.critical("Could not connect to the Directory Server on %s" % host_name)
- raise e
- finally:
- if conn.isconnected():
- conn.disconnect()
-
-
INF_TEMPLATE = """
[General]
FullMachineName= $FQHN
@@ -455,8 +435,6 @@ class DsInstance(service.Service):
self._ldap_mod("unique-attributes.ldif", self.sub_dict)
def __config_uidgid_gen(self):
- if not has_managed_entries(self.fqdn, self.dm_password):
- raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("dna.ldif", self.sub_dict)
def __add_master_entry(self):
@@ -486,23 +464,15 @@ class DsInstance(service.Service):
self._ldap_mod("lockout-conf.ldif")
def __repoint_managed_entries(self):
- if not has_managed_entries(self.fqdn, self.dm_password):
- raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("repoint-managed-entries.ldif", self.sub_dict)
def __managed_entries(self):
- if not has_managed_entries(self.fqdn, self.dm_password):
- raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("managed-entries.ldif", self.sub_dict)
def __user_private_groups(self):
- if not has_managed_entries(self.fqdn, self.dm_password):
- raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("user_private_groups.ldif", self.sub_dict)
def __host_nis_groups(self):
- if not has_managed_entries(self.fqdn, self.dm_password):
- raise errors.NotFound(reason='Missing Managed Entries Plugin')
self._ldap_mod("host_nis_groups.ldif", self.sub_dict)
def __add_enrollment_module(self):
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index fddfe0f..9df9ce3 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -701,27 +701,6 @@ class ldap2(CrudBackend, Encoder):
else:
return self.schema
- def has_upg(self):
- """Returns True/False whether User-Private Groups are enabled.
- This is determined based on whether the UPG Template exists.
- We determine this at module load so we don't have to test for
- it every time.
- """
- global _upg
-
- if _upg is None:
- try:
- upg_entry = self.conn.search_s(
- 'cn=UPG Template,cn=etc,%s' % api.env.basedn,
- _ldap.SCOPE_BASE,
- attrlist=['*']
- )[0]
- _upg = True
- except _ldap.NO_SUCH_OBJECT, e:
- _upg = False
-
- return _upg
-
@encode_args(1, 2)
def get_effective_rights(self, dn, entry_attrs):
"""Returns the rights the currently bound user has for the given DN.
--
1.7.6