[Freeipa-devel] [PATCH] 78 Use ldapi: instead of unsecured ldap: in ipa core tools.
JR Aquino
JR.Aquino at citrix.com
Mon Feb 21 22:35:09 UTC 2011
On 2/15/11 6:19 AM, "Pavel Zuna" <pzuna at redhat.com> wrote:
>On 02/14/2011 04:56 PM, JR Aquino wrote:
>> On 2/10/11 2:42 AM, "Pavel Zuna"<pzuna at redhat.com> wrote:
>>
>>> On 02/08/2011 01:06 PM, Pavel Zuna wrote:
>>>> The patch also corrects exception handling in some of the tools.
>>>>
>>>> Fix #874
>>>>
>>>> Pavel
>>>>
>>>
>>> Updated patch attached. Forgot to rename an identifier in exception
>>> handling.
>>>
>>> Pavel
>>
>> NACK
>>
>> It looks like LDAPUpdate calls may want to include ldapi=True?
>>
>> -=-
>> # ipa-nis-manage enable
>> Directory Manager password:
>>
>> Enabling plugin
>> Traceback (most recent call last):
>>   File "/usr/sbin/ipa-nis-manage", line 211, in <module>
>>     sys.exit(main())
>>   File "/usr/sbin/ipa-nis-manage", line 151, in main
>>     ld = LDAPUpdate(dm_password=dirman_password, sub_dict={})
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 101, in __init__
>>     conn.do_simple_bind(bindpw=self.dm_password)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 350, in do_simple_bind
>>     self.simple_bind_s(binddn, bindpw)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 204, in inner
>>     return f(*args, **kargs)
>>   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 207, in simple_bind_s
>>     return self.result(msgid,all=1,timeout=self.timeout)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 181, in inner
>>     objtype, data = f(*args, **kargs)
>>   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 436, in result
>>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 204, in inner
>>     return f(*args, **kargs)
>>   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 440, in result2
>>     res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 204, in inner
>>     return f(*args, **kargs)
>>   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 446, in result3
>>     ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/ipaldap.py", line 204, in inner
>>     return f(*args, **kargs)
>>   File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
>>     result = func(*args,**kwargs)
>> ldap.UNWILLING_TO_PERFORM: {'info': 'Minimum SSF not met.', 'desc': 'Server is unwilling to perform'}
>>
>
>I can't reproduce this. :-/
>
>For me it goes fine:
>
>[root@ipadev tools]# ./ipa-nis-manage enable
>Directory Manager password:
>
>Enabling plugin
>This setting will not take effect until you restart Directory Server.
>The rpcbind service may need to be started.
>
>
>Pavel
To reproduce this, you must have minssf set in the dse.ldif on the ipa
server.
The highest number you can put in is 56, due to some oddities with how
SASL communicates bit strength.
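
Added example, not part of the original message or of the FreeIPA patch: a small offline check that reads a dse.ldif excerpt and reports whether a simple bind over a given LDAP URL would meet the configured minimum SSF, which is the condition behind the "Minimum SSF not met" error quoted above. The dse.ldif excerpt, host name and socket path are constructed; the attribute names nsslapd-minssf and nsslapd-localssf and the local SSF default of 71 are assumptions based on 389 Directory Server's cn=config, not taken from this thread.

```python
from urllib.parse import urlparse

# Constructed dse.ldif excerpt (not from the thread); the socket path is a placeholder.
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
nsslapd-port: 389
nsslapd-minssf: 56
nsslapd-ldapilisten: on
nsslapd-ldapifilepath: /var/run/slapd-EXAMPLE-COM.socket

dn: cn=encryption,cn=config
objectClass: top
"""

def config_attrs(ldif_text, dn="cn=config"):
    """Return {attribute: value} (names lower-cased) for one entry of an LDIF dump."""
    for entry in ldif_text.split("\n\n"):
        attrs = {}
        # LDIF folds long values onto continuation lines that start with a space.
        for line in entry.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), value.strip())
        if attrs.get("dn", "").lower() == dn:
            return attrs
    return {}

def connection_ssf(url, attrs, negotiated_ssf=0):
    """SSF the server sees on the connection before the bind is processed."""
    if urlparse(url).scheme.lower() == "ldapi":
        # Assumption: local socket connections get nsslapd-localssf (default 71).
        return int(attrs.get("nsslapd-localssf", 71))
    # ldap:// without StartTLS carries no protection, so SSF is 0; for ldaps://
    # or StartTLS the caller passes the cipher strength actually negotiated.
    return negotiated_ssf

def bind_allowed(url, ldif_text, negotiated_ssf=0):
    """True if a simple bind over `url` would meet the configured minimum SSF."""
    attrs = config_attrs(ldif_text)
    minssf = int(attrs.get("nsslapd-minssf", 0))  # assumption: unset means 0
    return connection_ssf(url, attrs, negotiated_ssf) >= minssf

if __name__ == "__main__":
    for url in ("ldap://ipa.example.com:389",
                "ldapi://%2fvar%2frun%2fslapd-EXAMPLE-COM.socket"):
        print(url, "->", "ok" if bind_allowed(url, SAMPLE_DSE) else "Minimum SSF not met")
```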