Bugzilla – Full Text Bug Listing

| Summary: | yast ldap - Password Policy | | |
|---|---|---|---|
| Product: | [openSUSE] openSUSE 10.3 | Reporter: | Andreas Pedersen <alofflambas> |
| Component: | YaST2 | Assignee: | Jiří Suchomel <jsuchome> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | | |
| Priority: | P5 - None | CC: | ralf |
| Version: | Final | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | y2log | | |

Description
Andreas Pedersen
2007-12-04 17:56:09 UTC

Andreas, thank you for your bug report. Could you please provide your y2logs?

Created attachment 185977
y2log

hmmm I'll remember I included my y2log file.

And did you enable the support in the LDAP server configuration before?

Ralf, how can I detect that policies are enabled on the server? Should client disable adding new policies when server doesn't have their support or should it rather change the server configuration? What needs to be done from client side if the "support" is currently missing?

(In reply to comment #4 from Jiri Suchomel)
> Ralf, how can I detect that policies are enabled on the server?

You could check the Schema if the "pwdpolicy" Objectclass is defined. That does not give a 100% accurate result, but should be good enough. (The server might have the ppolicy schema loaded but the overlay might not be configured.)

> Should client disable adding new policies when server doesn't have their
> support or should it rather change the server configuration?

The client should not change the server configuration. In many cases you can't even do that, as the LDAP Server runs on a different machine than the yast2-ldap-client module.

> What needs to be done from client side if the "support" is currently
> missing?

You should inform the user about that and check the "pam_lookup_policy" value in /etc/ldap.conf.

(In reply to comment #5 from Ralf Haferkamp)
> > What needs to be done from client side if the "support" is currently
> > missing?
> You should inform the user about that and check the "pam_lookup_policy" value
> in /etc/ldap.conf.

I don't understand. If client should not change the server configuration (as stated above), then it should probably not even edit ldap.conf regarding the LDAP policy, right?

We are in the situation where there is still no support at server side. I assume that the client should just disable the widgets for editing password policy objects (+ maybe inform user to configure it on server), right?

(In reply to comment #6 from Jiri Suchomel)
> (In reply to comment #5 from Ralf Haferkamp)
> > > What needs to be done from client side if the "support" is currently
> > > missing?
> > You should inform the user about that and check the "pam_lookup_policy"
> > value
> > in /etc/ldap.conf.
>
> I don't understand. If client should not change the server configuration (as
> stated above), then it should probably not even edit ldap.conf regarding the
> LDAP policy, right?

I probably misunderstood the original question, but I thought the client was already configured to handle password policies and then something on the server was changed. (In that case it would make sense to inform the user about the fact that there seems to be a misconfiguration.) During the initial setup I agree: if the client detects that the server does not support ppolicy, it should not change the ldap.conf regarding ppolicy.

> We are in the situation where there is still no support at server side. I
> assume that the client should just disable the widgets for editing password
> policy objects (+ maybe inform user to configure it on server), right?

Yep.

So, I'll add this line to the client's help text: "The configuration is only possible when the Password Policies are already enabled on the LDAP server."

yast2-ldap-client-2.16.5
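
The two checks discussed in this thread (is the `pwdPolicy` object class in the server schema, and is `pam_lookup_policy` set in /etc/ldap.conf) can be combined into one client-side decision. The sketch below is an added example, not YaST's code and not written by anyone in the thread. The sample schema lines, the sample ldap.conf contents, the function names and the returned action labels are constructed or hypothetical, and it assumes that only the value `yes` enables the option and that the last occurrence wins.

```python
import re

# Constructed sample: objectClasses values as returned by a subschema search.
SCHEMA_WITH_PPOLICY = [
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )",
    "( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST pwdAttribute )",
]
SCHEMA_WITHOUT_PPOLICY = SCHEMA_WITH_PPOLICY[:1]
# Constructed sample /etc/ldap.conf contents.
LDAP_CONF_POLICY_ON = "# sample\nbase dc=example,dc=com\npam_lookup_policy yes\n"
LDAP_CONF_POLICY_OFF = "base dc=example,dc=com\n#pam_lookup_policy yes\n"

_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))")


def objectclass_names(definition):
    """Return the lower-cased NAME(s) of one RFC 4512 objectClass description."""
    m = _NAME_RE.search(definition)
    if not m:
        return set()
    names = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
    return {n.lower() for n in names}


def schema_has_pwdpolicy(object_classes):
    """True if the schema defines pwdPolicy; the overlay may still be unconfigured."""
    return any("pwdpolicy" in objectclass_names(d) for d in object_classes)


def pam_lookup_policy_enabled(conf_text):
    """True if pam_lookup_policy is 'yes' (assumption: last occurrence wins)."""
    enabled = False
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].lower() == "pam_lookup_policy" and len(fields) > 1:
            enabled = fields[1].lower() == "yes"
    return enabled


def client_action(object_classes, conf_text):
    """Map both checks to the behaviour agreed in the thread (labels are hypothetical)."""
    if schema_has_pwdpolicy(object_classes):
        return "enable-policy-widgets"
    if pam_lookup_policy_enabled(conf_text):
        return "warn-possible-misconfiguration"  # client expects ppolicy, server lacks it
    return "disable-policy-widgets"  # leave ldap.conf and the server untouched
```

A positive schema result only shows that the ppolicy schema is loaded, so policy objects created afterwards may still go unenforced until the overlay is configured on the server.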