[Freeipa-devel] [PATCH 0057] Do not use anonymous bind in migration UI.
Alexander Bokovoy
abokovoy at redhat.com
Fri Jul 17 05:18:24 UTC 2015
On Fri, 17 Jul 2015, Jan Cholasta wrote:
>Dne 16.7.2015 v 12:16 David Kupka napsal(a):
>>On 15/07/15 16:04, David Kupka wrote:
>>>On 15/07/15 15:34, Jan Cholasta wrote:
>>>>Dne 15.7.2015 v 15:21 David Kupka napsal(a):
>>>>>https://fedorahosted.org/freeipa/ticket/4953
>>>>>
>>>>>To test this patch:
>>>>>
>>>>>1. Migrate users from LDAP or other FreeIPA server
>>>>>(https://www.freeipa.org/page/Howto/Migration)
>>>>>
>>>>>2. Disable anonymous bind to Directory Server
>>>>>(https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>3. Go to FreeIPA migration page (ipa.example.com/ipa/migration/) and
>>>>>enter name and password of one of the migrated users.
>>>>>
>>>>>Without this patch you will get an error page.
>>>>
>>>>NACK, you are calling do_bind with wrong arguments.
>>>>
>>>Updated patch attached.
>>>
>>>
>>>
>>
>>With Honza, we've found better solution. Instead of binding to the LDAP
>>just to get base DN we can instantiate api and use api.env.basedn
>>variable. In the same time we can use api.anv.ldap_uri instead of
>>searching filesystem for ldapi socket.
>>Patch attached.
>
>LGTM, but since I had a part in this, I'd like someone else (Petr?) to
>ACK this.
I went through the code and I think it is also a better approach than it
was before, so ACK.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list