[Freeipa-devel] [PATCH 0057] Do not use anonymous bind in migration UI.
Petr Vobornik
pvoborni at redhat.com
Fri Jul 17 08:31:11 UTC 2015
On 07/17/2015 07:18 AM, Alexander Bokovoy wrote:
> On Fri, 17 Jul 2015, Jan Cholasta wrote:
>> Dne 16.7.2015 v 12:16 David Kupka napsal(a):
>>> On 15/07/15 16:04, David Kupka wrote:
>>>> On 15/07/15 15:34, Jan Cholasta wrote:
>>>>> Dne 15.7.2015 v 15:21 David Kupka napsal(a):
>>>>>> https://fedorahosted.org/freeipa/ticket/4953
>>>>>>
>>>>>> To test this patch:
>>>>>>
>>>>>> 1. Migrate users from LDAP or other FreeIPA server
>>>>>> (https://www.freeipa.org/page/Howto/Migration)
>>>>>>
>>>>>> 2. Disable anonymous bind to Directory Server
>>>>>> (https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 3. Go to FreeIPA migration page (ipa.example.com/ipa/migration/) and
>>>>>> enter name and password of one of the migrated users.
>>>>>>
>>>>>> Without this patch you will get an error page.
>>>>>
>>>>> NACK, you are calling do_bind with wrong arguments.
>>>>>
>>>> Updated patch attached.
>>>>
>>>>
>>>>
>>>
>>> With Honza, we've found better solution. Instead of binding to the LDAP
>>> just to get base DN we can instantiate api and use api.env.basedn
>>> variable. In the same time we can use api.anv.ldap_uri instead of
>>> searching filesystem for ldapi socket.
>>> Patch attached.
>>
>> LGTM, but since I had a part in this, I'd like someone else (Petr?) to
>> ACK this.
> I went through the code and I think it is also a better approach than it
> was before, so ACK.
ACK as well.
Pushed to:
master: e5d179b5b96bba5048a05135693acc5507d38163
ipa-4-2: 65877820b821884ac3b539e7f64e12c2cb3dd34f
--
Petr Vobornik
More information about the Freeipa-devel
mailing list