OpenLDAP 2.6+: use only -H option to specify LDAP url

OpenLDAP 2.6+ finally deprecated the -h and -p options in all its command
line tools. They are not allowed anymore and cause ldap* tools to stop
hard with an 'unknown option' error.

Fix this by always using the -H url option instead. Deriving the default
value for -H url from the configuration file still works; it is only -h
and -p that were deprecated.

See also: https://bugs.openldap.org/show_bug.cgi?id=8618

Fixes: https://pagure.io/freeipa/issue/9106

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Alexander Bokovoy 2022-02-07 08:42:40 +02:00
parent 3c1f4ba995
commit c93fa491f6
7 changed files with 15 additions and 8 deletions

@ -41,7 +41,9 @@ IPA provides a designated binddn to use with Sudo located at:
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
To enable the binddn run the following command to set the password:
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -ZZ -D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \\
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
EXAMPLES:
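Review bot: Keeping the `ldap://` scheme next to `-ZZ` is the right combination here: StartTLS is only meaningful on a plain `ldap://` URL, so the connection is still upgraded to TLS and verified against LDAPTLS_CACERT before the bind, exactly as with the old `-h` form. The `\\` continuations render as a single backslash in the help output, so the three rendered lines paste into a shell as one command. This same docstring is repeated verbatim in the next two hunks of this change; moving it into one shared string would make the next option change a single edit instead of four.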

@ -41,7 +41,9 @@ IPA provides a designated binddn to use with Sudo located at:
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
To enable the binddn run the following command to set the password:
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -ZZ -D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \\
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
EXAMPLES:

@ -41,7 +41,9 @@ IPA provides a designated binddn to use with Sudo located at:
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
To enable the binddn run the following command to set the password:
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -ZZ -D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \\
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
EXAMPLES:

@ -41,7 +41,9 @@ IPA provides a designated binddn to use with Sudo located at:
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
To enable the binddn run the following command to set the password:
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -ZZ -D "cn=Directory Manager" uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \\
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \\
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
For more information, see the IPA Documentation to Sudo.
""")

@ -1040,7 +1040,7 @@ class DsInstance(service.Service):
admpwdfile.write(password)
admpwdfile.flush()
args = [paths.LDAPPASSWD, "-h", self.fqdn,
args = [paths.LDAPPASSWD, "-H", "ldap://{}".format(self.fqdn),
"-ZZ", "-x", "-D", str(DN(('cn', 'Directory Manager'))),
"-y", dmpwdfile.name, "-T", admpwdfile.name,
str(DN(('uid', 'admin'), ('cn', 'users'), ('cn', 'accounts'), self.suffix))]
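Review bot: Replacing `-h self.fqdn` with `-H ldap://<fqdn>` keeps the default port 389 and, with `-ZZ` still in the argument list, continues to require a successful StartTLS before the Directory Manager bind, so only the option syntax changes. The `"ldap://{}".format(hostname)` construction is duplicated in the `ldapsearch_dm` test helper in this change; a small shared helper (or an existing LDAP URI attribute of the instance, if there is one) would stop the two from drifting apart, for example if a port or `ldapi://` variant is ever needed. Passing the passwords through `-y`/`-T` files rather than on the command line is unchanged and is the right choice.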

@ -71,7 +71,7 @@ uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
""") + _("""
To enable the binddn run the following command to set the password:
LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W \
-h ipa.example.com -ZZ -D "cn=Directory Manager" \
-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \
uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
""") + _("""
EXAMPLES:
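Review bot: The continuation at the end of the new `-H ldap://ipa.example.com -ZZ -D "cn=Directory Manager" \` line is a single `\`, whereas the equivalent docstrings in the other files of this change use `\\`. Inside a non-raw Python triple-quoted string a backslash followed by a newline is consumed by the parser, so this help text renders as one joined line with no backslash, while the other files render a literal backslash plus newline. Both paste into a shell, but if the difference is not intended, use `\\` here as well so the rendered command looks the same everywhere.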

@ -2086,8 +2086,7 @@ def ldapsearch_dm(host, base, ldap_args, scope='sub', **kwargs):
args = [
'ldapsearch',
'-x', '-ZZ',
'-h', host.hostname,
'-p', '389',
'-H', "ldap://{}".format(host.hostname),
'-D', str(host.config.dirman_dn),
'-w', host.config.dirman_password,
'-s', scope,
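Review bot: The explicit `'-p', '389'` is removed without carrying the port into the URL; `ldap://` defaults to 389 so this is equivalent today, but if the intent was to pin the port, `"ldap://{}:389".format(host.hostname)` keeps that explicit. Separately, `'-w', host.config.dirman_password` still places the Directory Manager password in argv, where it is visible to any other process on the test host for the lifetime of the command; the `DsInstance` hunk in this same change already uses `-y` with a password file, and the helper could do the same. Minor style point: the new line mixes single quotes for `'-H'` with double quotes for the URL in the same list.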