Bug 509874

Summary: YaST2 does not process ldap groups properly
Product: [openSUSE] openSUSE 11.1 Reporter: Waldemar Spitz <wspitz>
Component: YaST2Assignee: Jiří Suchomel <jsuchome>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Critical    
Priority: P5 - None CC: jsuchome
Version: Final   
Target Milestone: ---   
Hardware: All   
OS: openSUSE 11.1   
Whiteboard: maint:released:11.1:25151 maint:released:sle11:25150
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: patch for /usr/share/YaST2/modules/Ldap.ycp and /usr/share/YaST2/include/ldap/ui.ycp
solves the first problem
solves the second problem
patch for /usr/share/YaST2/modules/Ldap.ycp and /usr/share/YaST2/include/ldap/ui.ycp

Description Waldemar Spitz 2009-06-04 11:02:12 UTC 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)

if OpenSuSE 11.1 is configured to use ldap to authenticate users and the
"Group Member Attribute" is set to "uniquemember" there are two problems:

1. adding a new member to a ldap group or modifying an existing ldap group
 destroys all existing members in this group.

2. when adding a new ldap group yast displays the following error message

Error
The attribute 'uniqueMember' is required for this object according to
its LDAP configuration, but it is currently empty.


Reproducible: Always

Steps to Reproduce:
1.
2.
3.



This problems arise because in OpenSuSE 11.1 all ldap attributes are processed case sensitive. In former version of OpenSuSE all attributes are transformed into lower case before processing.

For both problems a quick solution is to reestablish the processing of the 'uniqueMember' attribute in lower case.

The following two patches in attachment solve the problems:

getgroupentry.patch solves the first 
checkreqattr.patch solves the second.
Comment 1 Jiří Suchomel 2009-06-04 12:44:36 UTC 
Created attachment 296218 [details]
patch for /usr/share/YaST2/modules/Ldap.ycp and  /usr/share/YaST2/include/ldap/ui.ycp

Your patches are not here yet, I tried to create mine: could you test if they work? After patching Ldap.ycp it is necessary to call 'ycpc -c Ldap.ycp'.
Comment 2 Waldemar Spitz 2009-06-04 19:47:05 UTC 
Created attachment 296341 [details]
solves the first problem
Comment 3 Waldemar Spitz 2009-06-04 19:50:38 UTC 
Created attachment 296342 [details]
solves the second problem
Comment 4 Waldemar Spitz 2009-06-04 19:52:05 UTC 
Will test your patches as soon as possible
Comment 5 Waldemar Spitz 2009-06-05 09:18:01 UTC 
Now I have tested your patches, but unfortunately they did not work. 

In first case the problem is, that the LdapAgent::getGroupEntry method in LdapAgent.cc (see yast2-ldap sources) passes the group members in a 'uniqueMember' list to YaST but YaST expects they in an 'uniquemember' hash.

In second case YaST stores the members of a new group in a 'uniquemember' structure but checks (at /usr/share/YaST2/modules/UsersPluginLDAPAll.pm:250) the presence of required attribute 'uniqueMember'.
Comment 6 Jiří Suchomel 2009-06-05 09:39:10 UTC 
I see. But I'd like to have a solution that correctly uses the original names, not lowercased ones. I hope next patch is correct.
Comment 7 Jiří Suchomel 2009-06-05 09:42:52 UTC 
Created attachment 296474 [details]
patch for /usr/share/YaST2/modules/Ldap.ycp and /usr/share/YaST2/include/ldap/ui.ycp

This replaces the previous patch, but the change is only in Ldap.ycp part. Revert the old one and apply this one, or look into for changes and do the change manually.
Comment 8 Waldemar Spitz 2009-06-06 06:51:11 UTC 
After application of the latest Ldap.ycp patch YaST works correct. Both problems are solved. Thank you.
Comment 10 Swamp Workflow Management 2009-06-08 11:44:55 UTC 
The SWAMPID for this issue is 25147.
Please submit the patch and patchinfo file using this ID.
(https://swamp.suse.de/webswamp/wf/25147)
Comment 13 Jiří Suchomel 2009-06-08 13:03:38 UTC 
Waldemar, thanks for your help and investigations!
Comment 14 Swamp Workflow Management 2009-06-17 09:48:53 UTC 
Update released for: yast2-ldap-client
Products:
openSUSE 11.1 (i586)
Comment 15 Swamp Workflow Management 2009-06-17 22:08:36 UTC 
Update released for: yast2-ldap-client
Products:
SLE-DESKTOP 11 (i386, x86_64)
SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)