[Freeipa-devel] [PATCH 0057] Do not use anonymous bind in migration UI.
Jan Cholasta
jcholast at redhat.com
Fri Jul 17 05:05:03 UTC 2015
Dne 16.7.2015 v 12:16 David Kupka napsal(a):
> On 15/07/15 16:04, David Kupka wrote:
>> On 15/07/15 15:34, Jan Cholasta wrote:
>>> Dne 15.7.2015 v 15:21 David Kupka napsal(a):
>>>> https://fedorahosted.org/freeipa/ticket/4953
>>>>
>>>> To test this patch:
>>>>
>>>> 1. Migrate users from LDAP or other FreeIPA server
>>>> (https://www.freeipa.org/page/Howto/Migration)
>>>>
>>>> 2. Disable anonymous bind to Directory Server
>>>> (https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 3. Go to FreeIPA migration page (ipa.example.com/ipa/migration/) and
>>>> enter name and password of one of the migrated users.
>>>>
>>>> Without this patch you will get an error page.
>>>
>>> NACK, you are calling do_bind with wrong arguments.
>>>
>> Updated patch attached.
>>
>>
>>
>
> With Honza, we've found better solution. Instead of binding to the LDAP
> just to get base DN we can instantiate api and use api.env.basedn
> variable. In the same time we can use api.anv.ldap_uri instead of
> searching filesystem for ldapi socket.
> Patch attached.
LGTM, but since I had a part in this, I'd like someone else (Petr?) to
ACK this.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list