[Freeipa-devel] [PATCH 0057] Do not use anonymous bind in migration UI.

Petr Vobornik pvoborni at redhat.com
Fri Jul 17 11:41:44 UTC 2015


On 07/17/2015 10:31 AM, Petr Vobornik wrote:
> On 07/17/2015 07:18 AM, Alexander Bokovoy wrote:
>> On Fri, 17 Jul 2015, Jan Cholasta wrote:
>>> On 16.7.2015 at 12:16, David Kupka wrote:
>>>> On 15/07/15 16:04, David Kupka wrote:
>>>>> On 15/07/15 15:34, Jan Cholasta wrote:
>>>>>> On 15.7.2015 at 15:21, David Kupka wrote:
>>>>>>> https://fedorahosted.org/freeipa/ticket/4953
>>>>>>>
>>>>>>> To test this patch:
>>>>>>>
>>>>>>> 1. Migrate users from LDAP or other FreeIPA server
>>>>>>> (https://www.freeipa.org/page/Howto/Migration)
>>>>>>>
>>>>>>> 2. Disable anonymous bind to Directory Server
>>>>>>> (https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html)
>>>>>>>
>>>>>>> 3. Go to FreeIPA migration page (ipa.example.com/ipa/migration/) and
>>>>>>> enter name and password of one of the migrated users.
>>>>>>>
>>>>>>> Without this patch you will get an error page.
>>>>>>
>>>>>> NACK, you are calling do_bind with wrong arguments.
>>>>>>
>>>>> Updated patch attached.
>>>>>
>>>>>
>>>>>
>>>>
>>>> With Honza, we've found a better solution. Instead of binding to the LDAP
>>>> just to get the base DN, we can instantiate api and use the api.env.basedn
>>>> variable. At the same time we can use api.env.ldap_uri instead of
>>>> searching the filesystem for the ldapi socket.
>>>> Patch attached.
>>>
>>> LGTM, but since I had a part in this, I'd like someone else (Petr?) to
>>> ACK this.
>> I went through the code and I think it is also a better approach than it
>> was before, so ACK.
>
> ACK as well.
>
> Pushed to:
> master: e5d179b5b96bba5048a05135693acc5507d38163
> ipa-4-2: 65877820b821884ac3b539e7f64e12c2cb3dd34f

Also tested and pushed to 4-1 (ticket is in 4-1)

  e40a6bc0824020af6ae9d95f444c69a09457cb24
-- 
Petr Vobornik



