[Freeipa-devel] DN patch and documentation
Petr Viktorin
pviktori at redhat.com
Wed Jul 11 14:46:10 UTC 2012
On 07/07/2012 08:45 PM, John Dennis wrote:
> The DN work I was doing on master is ready for review and testing. It's
> been a long haul and I've been working relentlessly to get this work
> completed. I am on PTO for a week starting today (I know bad timing) but
> I spent yesterday and my first day of PTO today writing up extensive
> documentation for the work so others can start taking a look at it while
> I'm gone. The documentation as well as where to find the code can be
> found here:
>
> http://jdennis.fedorapeople.org/dn_summary.html
>
> The document is long but I felt it was better to provide explanations
> for as much as possible.
>
> I may check in during the week but I'm going to try and discipline
> myself not to and take an actual much needed break.
>
> John
>
Two more code review points:
• ipa-adtrust-install uses DN without importing it, that'll fail
• You've changed API.txt, be sure to also bump IPA_API_VERSION_MINOR in
VERSION.
And now for the functional testing.
I ran through the unit tests, and tested the command-line utilities.
I did not test replica stuff (replica-prepare doesn't work, see below)
and AD integration (I'd like to ask someone else to do the tests here).
I rebased the patch to master, so some of the problems I found may be
new regressions.
I'm attaching an additional patch I've tested with, which solves some
errors I've encountered:
• The lint error mentioned earlier
• ipa-client-install passing a DN object to ipautil.run
$ sudo ipa-client-install
Discovery was successful!
Hostname: vm-149.idm.lab.bos.redhat.com
Realm: IDM.LAB.BOS.REDHAT.COM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-044.idm.lab.bos.redhat.com
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin at IDM.LAB.BOS.REDHAT.COM:
Traceback (most recent call last):
  File "/sbin/ipa-client-install", line 1763, in <module>
    sys.exit(main())
  File "/sbin/ipa-client-install", line 1749, in main
    rval = install(options, env, fstore, statestore)
  File "/sbin/ipa-client-install", line 1473, in install
    (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env, nolog=nolog)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 285, in run
    close_fds=True, env=env)
  File "/usr/lib64/python2.7/subprocess.py", line 679, in __init__
    errread, errwrite)
  File "/usr/lib64/python2.7/subprocess.py", line 1249, in _execute_child
    raise child_exception
TypeError: coercing to Unicode: need string or buffer, DN found
I also ran into:
• ipa-replica-setup uses an LDAPEntry method that got removed
when LDAPEntry became a namedtuple
$ sudo ipa-replica-prepare vm-$REPLICANUM.idm.lab.bos.redhat.com -p 12345678 --ip-address 10.16.78.28
Preparing replica for vm-028.idm.lab.bos.redhat.com from vm-044.idm.lab.bos.redhat.com
preparation of replica failed: 'LDAPEntry' object has no attribute 'getValue'
'LDAPEntry' object has no attribute 'getValue'
  File "/sbin/ipa-replica-prepare", line 461, in <module>
    main()
  File "/sbin/ipa-replica-prepare", line 309, in main
    dirman_password)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 89, in enable_replication_version_checking
    if entry[0].getValue('nsslapd-pluginenabled') == 'off':
• dnsrecord_{del,mod} AAAA unit tests fail, e.g.
ipa: ERROR: non-public: AssertionError:
Traceback (most recent call last):
  File "/home/pviktori/freeipa/ipaserver/rpcserver.py", line 332, in wsgi_execute
    result = self.Command[name](*args, **options)
  File "/home/pviktori/freeipa/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/home/pviktori/freeipa/ipalib/frontend.py", line 747, in run
    return self.execute(*args, **options)
  File "/home/pviktori/freeipa/ipalib/plugins/dns.py", line 2601, in execute
    result = super(dnsrecord_del, self).execute(*keys, **options)
  File "/home/pviktori/freeipa/ipalib/plugins/baseldap.py", line 1350, in execute
    assert isinstance(dn, DN)
AssertionError
ipa: INFO: admin at IDM.LAB.BOS.REDHAT.COM: dnsrecord_del(u'dnszone.test',
u'testdnsres', arecord=(u'127.0.0.1',), del_all=False, struct
• ipa-compliance still uses strings for DNs (see lines 119, 139). It
fails with an AssertionError (which may not be apparent at first because
the tool isn't very good at error reporting).
Traceback (most recent call last):
  File "/sbin/ipa-compliance", line 179, in main
    check_compliance(tmpdir, options.debug)
  File "/sbin/ipa-compliance", line 121, in check_compliance
    size_limit = -1)
  File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 1050, in find_entries
    assert isinstance(base_dn, DN)
AssertionError
• ipa-ldap-updater fails when running plugins. The offending code around
updateclient.py:134 is wrong.
$ sudo ipa-ldap-updater
Directory Manager password:
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO PRE_UPDATE
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Parsing update file /usr/share/ipa/updates/10-60basev2.update
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Parsing update file /usr/share/ipa/updates/10-60basev3.update
[...]
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO POST_UPDATE
Traceback (most recent call last):
  File "/sbin/ipa-ldap-updater", line 163, in <module>
    sys.exit(main())
  File "/sbin/ipa-ldap-updater", line 144, in main
    modified = ld.update(files)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 879, in update
    updates = api.Backend.updateclient.update(POST_UPDATE, self.dm_password, self.ldapi, self.live_run)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", line 134, in update
    if dn not in rdn_count_list[rdn_count]:
IndexError: list index out of range
• ipa-nis-manage uses unlocked global DNs. But it works!
• ipa-managed-entries still uses strings for DNs (see line 97), so it
can't find the entries it manages (again due to AssertionError).
$ sudo ipa-managed-entries -l
Directory Manager password:
Unable to find managed entries at cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fixup-dn-conversion.patch
Type: text/x-patch
Size: 1738 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120711/2d2ebb3f/attachment.bin>