[Freeipa-devel] DN patch and documentation

Petr Viktorin pviktori at redhat.com
Wed Jul 11 14:46:10 UTC 2012


On 07/07/2012 08:45 PM, John Dennis wrote:
> The DN work I was doing on master is ready for review and testing. It's
> been a long haul and I've been working relentlessly to get this work
> completed. I am on PTO for a week starting today (I know bad timing) but
> I spent yesterday and my first day of PTO today writing up extensive
> documentation for the work so others can start taking a look at it while
> I'm gone. The documentation as well as where to find the code can be
> found here:
>
> http://jdennis.fedorapeople.org/dn_summary.html
>
> The document is long but I felt it was better to provide explanations
> for as much as possible.
>
> I may check in during the week but I'm going to try and discipline
> myself not to and take an actual much needed break.
>
> John
>

Two more code review points:
ipa-adtrust-install uses DN without importing it; that'll fail.

You've changed API.txt, be sure to also bump IPA_API_VERSION_MINOR in 
VERSION.


And now for the functional testing.

I ran through the unit tests, and tested the command-line utilities.
I did not test replica stuff (replica-prepare doesn't work, see below) 
and AD integration (I'd like to ask someone else to do the tests here).

I rebased the patch to master, so some of the problems I found may be 
new regressions.

I'm attaching an additional patch I've tested with, which solves some 
errors I've encountered:


• The lint error mentioned earlier

• ipa-client-install passing a DN object to ipautil.run
$ sudo ipa-client-install
Discovery was successful!
Hostname: vm-149.idm.lab.bos.redhat.com
Realm: IDM.LAB.BOS.REDHAT.COM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-044.idm.lab.bos.redhat.com
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com

Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin at IDM.LAB.BOS.REDHAT.COM:
Traceback (most recent call last):
   File "/sbin/ipa-client-install", line 1763, in <module>
     sys.exit(main())
   File "/sbin/ipa-client-install", line 1749, in main
     rval = install(options, env, fstore, statestore)
   File "/sbin/ipa-client-install", line 1473, in install
     (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env, nolog=nolog)
   File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 285, in run
     close_fds=True, env=env)
   File "/usr/lib64/python2.7/subprocess.py", line 679, in __init__
     errread, errwrite)
   File "/usr/lib64/python2.7/subprocess.py", line 1249, in _execute_child
     raise child_exception
TypeError: coercing to Unicode: need string or buffer, DN found



I also ran into:

• ipa-replica-setup uses a LDAPEntry method that got removed when LDAPEntry became a namedtuple
$ sudo ipa-replica-prepare vm-$REPLICANUM.idm.lab.bos.redhat.com -p 12345678 --ip-address 10.16.78.28
Preparing replica for vm-028.idm.lab.bos.redhat.com from vm-044.idm.lab.bos.redhat.com
preparation of replica failed: 'LDAPEntry' object has no attribute 'getValue'
'LDAPEntry' object has no attribute 'getValue'
   File "/sbin/ipa-replica-prepare", line 461, in <module>
     main()

   File "/sbin/ipa-replica-prepare", line 309, in main
     dirman_password)

   File "/usr/lib/python2.7/site-packages/ipaserver/install/replication.py", line 89, in enable_replication_version_checking
     if entry[0].getValue('nsslapd-pluginenabled') == 'off':


• dnsrecord_{del,mod} AAAA unit tests fail, e.g.
ipa: ERROR: non-public: AssertionError:
Traceback (most recent call last):
   File "/home/pviktori/freeipa/ipaserver/rpcserver.py", line 332, in wsgi_execute
     result = self.Command[name](*args, **options)
   File "/home/pviktori/freeipa/ipalib/frontend.py", line 435, in __call__
     ret = self.run(*args, **options)
   File "/home/pviktori/freeipa/ipalib/frontend.py", line 747, in run
     return self.execute(*args, **options)
   File "/home/pviktori/freeipa/ipalib/plugins/dns.py", line 2601, in execute
     result = super(dnsrecord_del, self).execute(*keys, **options)
   File "/home/pviktori/freeipa/ipalib/plugins/baseldap.py", line 1350, in execute
     assert isinstance(dn, DN)
AssertionError
ipa: INFO: admin at IDM.LAB.BOS.REDHAT.COM: dnsrecord_del(u'dnszone.test', u'testdnsres', arecord=(u'127.0.0.1',), del_all=False, struct


• ipa-compliance still uses strings for DNs (see lines 119, 139). It 
fails with an AssertionError (which may not be apparent at first because 
the tool isn't very good at error reporting).
Traceback (most recent call last):
   File "/sbin/ipa-compliance", line 179, in main
     check_compliance(tmpdir, options.debug)
   File "/sbin/ipa-compliance", line 121, in check_compliance
     size_limit = -1)
   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 1050, in find_entries
     assert isinstance(base_dn, DN)
AssertionError


• ipa-ldap-updater fails when running plugins. The offending code around 
updateclient.py:134 is wrong.
$ sudo ipa-ldap-updater
Directory Manager password:

ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     PRE_UPDATE
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Parsing update file /usr/share/ipa/updates/10-60basev2.update
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Parsing update file /usr/share/ipa/updates/10-60basev3.update
[...]
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Updating existing entry: cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     Done
ipa.ipaserver.install.ldapupdate.LDAPUpdate: INFO     POST_UPDATE
Traceback (most recent call last):
   File "/sbin/ipa-ldap-updater", line 163, in <module>
     sys.exit(main())
   File "/sbin/ipa-ldap-updater", line 144, in main
     modified = ld.update(files)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 879, in update
     updates = api.Backend.updateclient.update(POST_UPDATE, self.dm_password, self.ldapi, self.live_run)
   File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py", line 134, in update
     if dn not in rdn_count_list[rdn_count]:
IndexError: list index out of range


• ipa-nis-manage uses unlocked global DNs. But it works!


• ipa-managed-entries still uses strings for DNs (see line 97), so it 
can't find the entries it manages (again due to AssertionError).
$ sudo ipa-managed-entries -l
Directory Manager password:

Unable to find managed entries at cn=Definitions,cn=Managed Entries,cn=etc,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com



-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fixup-dn-conversion.patch
Type: text/x-patch
Size: 1738 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120711/2d2ebb3f/attachment.bin>

