Bug 338952

Summary: YaST module ldap-server - acl package is missing - Cannot write TLS Settings
Product: [openSUSE] openSUSE 11.0 Reporter: Andreas Pedersen <alofflambas>
Component: YaST2 Assignee: Ralf Haferkamp <ralf>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Minor    
Priority: P5 - None CC: tgoettlicher
Version: Alpha 2   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Pedersen 2007-11-03 12:20:34 UTC
I tried to use 'Common Server Certificate' with ldap and it needs the tools from the acl package.
Solved it by just installing the package.
$ zypper in acl

YaST also doesn't change the variable in /etc/sysconfig/openldap when I
enable TLS support.
OPENLDAP_START_LDAPS="yes"
I need to change it myself.

## y2log ##
2007-11-03 14:00:15 <2> misa(6784) [Parser] ldap-server/tree_structure.ycp:903 Warning: find(...) is deprecated, please fix
2007-11-03 14:00:15 <2> misa(6784) [Parser] ldap-server/tree_structure.ycp:923 Warning: find(...) is deprecated, please fix
2007-11-03 14:00:16 <2> misa(6784) [Parser] ldap-server/dialogs.ycp:102 Warning: Format string is not constant, no parameter checking possible
2007-11-03 14:00:16 <2> misa(6784) [Parser] ldap-server/dialogs.ycp:249 Warning: find(...) is deprecated, please fix
2007-11-03 14:00:17 <0> misa(6791) [Perl] servers_non_y2/ag_ldapserver(ag_ldapserver::__init_rec):876 starting new <schemainclude> with value </etc/openldap/schema/core.schema> at position <2>
2007-11-03 14:00:17 <0> misa(6791) [Perl] servers_non_y2/ag_ldapserver(ag_ldapserver::__init_rec):876 starting new <schemainclude> with value </etc/openldap/schema/cosine.schema> at position <3>
2007-11-03 14:00:17 <0> misa(6791) [Perl] servers_non_y2/ag_ldapserver(ag_ldapserver::__init_rec):876 starting new <schemainclude> with value </etc/openldap/schema/inetorgperson.schema> at position <4>
2007-11-03 14:00:17 <0> misa(6791) [Perl] servers_non_y2/ag_ldapserver(ag_ldapserver::__init_rec):876 starting new <schemainclude> with value </etc/openldap/schema/rfc2307bis.schema> at position <5>
2007-11-03 14:00:59 <3> misa(6784) [bash] ShellCommand.cc(shellcommand):78 sh: /usr/bin/setfacl: No such file or directory
2007-11-03 14:00:59 <3> misa(6784) [-e] SCR_EXECUTE_ERROR[1906:/usr/share/YaST2/modules/YaPI/LdapServer.pm] Can not set a filesystem acl on the private key
2007-11-03 14:00:59 <3> misa(6784) [-e] Description: setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem failed.
2007-11-03 14:02:32 <3> misa(6784) [YCP] Report.ycp:484 Cannot write 'TLS Settings'.
Comment 1 Thomas Göttlicher 2007-11-15 09:36:20 UTC
Reassigning to maintainer. 
Comment 2 Ralf Haferkamp 2007-12-03 15:17:16 UTC
(In reply to comment #0 from Andreas Pedersen)
> I tried to use 'Common Server Certificate' with ldap and it needs the tools
> from the acl package.
> Solved it by just installing the package.
> $ zypper in acl
Moving to 11.0 to fix it for the next openSUSE release.
 
> YaST also doesn't change the variable in /etc/sysconfig/openldap when I
> enable TLS support.
> OPENLDAP_START_LDAPS="yes"
> I need to change it myself.
The OPENLDAP_START_LDAPS is not necessarily needed to use TLS. That's why we
don't enable it by default. Most LDAP clients support StartTLS nowadays. I'll
treat this part as a feature request and move it to FATE, our feature tracking
tool.
Comment 3 Ralf Haferkamp 2007-12-07 09:28:16 UTC
Entered the part about OPENLDAP_START_LDAPS into Fate (ID #303058).
Comment 4 Ralf Haferkamp 2008-01-08 11:16:12 UTC
Fix for the missing "acl" requirement submitted to SVN.
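
A post-install check for the failure logged above (`setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem`), as an added example that is not part of the original bug thread or of YaST's code. The function names `check_key_acl` and `audit_key` are hypothetical and the sample ACL text is constructed; the parser reads `getfacl` output on stdin, so it can be exercised without the acl tools installed.

```shell
#!/bin/sh
# Added example (not YaST code): verify that the server key carries the ACL
# YaST tries to set, and that nobody else can read the private key.

# check_key_acl USER  -- reads `getfacl` text on stdin.
# Returns 0: USER has effective read access and "other" has none
#         1: USER has no effective read access (entry missing or masked out)
#         2: "other" has some access to the private key
check_key_acl() {
    awk -v user="$1" '
        /^#/ { next }                                   # header comments
        { sub(/[ \t]*#.*/, ""); split($0, f, ":") }     # drop "#effective:" notes
        f[1] == "user" && f[2] == user { named = substr(f[3], 1, 3) }
        f[1] == "mask"                 { mask  = substr(f[3], 1, 3) }
        f[1] == "other"                { other = substr(f[3], 1, 3) }
        END {
            if (other != "" && other != "---") exit 2
            if (substr(named, 1, 1) != "r") exit 1
            if (mask != "" && substr(mask, 1, 1) != "r") exit 1
            exit 0
        }'
}

# audit_key KEYFILE USER  -- live check; returns 3 when the acl tools are absent,
# which is the condition that made "Cannot write TLS Settings" appear.
audit_key() {
    command -v getfacl >/dev/null 2>&1 || {
        echo "getfacl/setfacl not found: install the acl package" >&2
        return 3
    }
    getfacl -- "$1" 2>/dev/null | check_key_acl "$2"
}

# Constructed sample: ACL as it should look after the setfacl call succeeded.
SAMPLE_OK='user::rw-
user:ldap:r--
group::---
mask::r--
other::---'

# Constructed sample: key file where setfacl never ran (no named-user entry).
SAMPLE_MISSING='user::rw-
group::---
other::---'
```

On a live system, `audit_key /etc/ssl/servercerts/serverkey.pem ldap` returns 0 only when the ACL from the log has actually been applied.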