Issue created 12 years ago by bmortier@bmortierMaintainer
Admin handling in fusiondirectory-setup seems wrong

Several problems:

  • It searches for a specific uid and cn: (&(cn=System Administrator)(uid=fd-admin)(objectClass=inetOrgPerson)), while the admin might be named something else.
  • It creates the cn with uid= while the FD might be configured to use cns in user dns.
  • If it fails, it fails with a message about a dn starting with cn= while it tried with uid=.

(from redmine: issue id 1708, created on 2012-12-18, closed on 2013-04-15)

  • Changesets:
    • Revision 2161a8ca by Côme Chilliet on 2013-02-22T16:06:06.000Z:
      Fixes: #1708 Admin handling in fusiondirectory-setup seems wrong
    • Revision 6abfcf00 by Côme Chilliet on 2013-02-27T08:37:21.000Z:
      Fixes: #1708 missing args for check_admin
    • Revision 4f4a9434 by Côme Chilliet on 2013-03-20T10:15:26.000Z:
      Fixes: #1708 Fixed lots of perl errors
    • Revision b413da19 by Côme Chilliet on 2013-04-09T09:40:11.000Z:
      Fixes: #1708 Not creating admin account if existing
    • Revision c38f97f4 by Côme Chilliet on 2013-04-15T15:05:52.000Z:
      Fixes: #1708 Admin handling in fusiondirectory-setup
  • Custom Fields:
    • Bug in version: 1.0.4
  • Uploads:
    • 0001-Fixes-1708-Admin-handling-in-fusiondirectory-setup-s.patch
    • 0002-Fixes-1708-missing-args-for-check_admin.patch
    • 0003-Fixes-1708-Fixed-lots-of-perl-errors.patch
    • 0004-Fixes-1708-Not-creating-admin-account-if-existing.patch
    • 0005-Fixes-1708-Admin-handling-in-fusiondirectory-setup.patch

    Activity


    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Ok, so now it searches for admin acls associated to existing dns. If none exists it proposes to create one. When creating, it creates the admin user AND the acl associated. It deletes any admin acl associated to a non-found dn. It searches for the config object and uses the config account primary attribute in the dn. If no config is found it defaults to uid. It needs the following tests:

      • run it on a standard FD installation
      • run it after deleting the admin user
      • run it after deleting the admin acl
      • run it after adding other user to the admin acl (that might fail and do bad things, please report any errors here)
      • run it after deleting admin user and acl
      • run it on a FD with some acls after deleting admin user or acl, check that acls are not lost

      It might be very buggy on the first run, I did not test it yet.

      (from redmine: written on 2013-02-22)

      By Côme Chilliet on 2017-09-02T14:53:20 (imported from GitLab)
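
The reconciliation described in the comment above, covering the test cases it lists, as an added example in Python (not code from fusiondirectory-setup). The LDAP tree is modelled as a dict and ACLs as (role, DN) tuples; the `check_admin` signature, the `ADMIN` value and the sample DNs are assumptions.

```python
ADMIN = "admin"  # assumption: stand-in for FusionDirectory's real admin ACL value


def check_admin(entries, acls, base, login="fd-admin",
                cn="System Administrator", primary_attr=None):
    """Reconcile admin account and admin ACL; return the list of actions taken.

    entries      -- dict mapping DN -> attributes (stand-in for the LDAP tree)
    acls         -- list of (role, member_dn) tuples (simplified ACL model)
    primary_attr -- account primary attribute from the config object, or None
    """
    if not base:
        # An empty base yields DNs such as "uid=fd-admin,ou=people," which the
        # server rejects with LDAP_INVALID_DN_SYNTAX, so refuse to continue.
        raise ValueError("LDAP base is not set")
    actions = []
    # Delete admin ACLs whose DN no longer exists (a stale one would grant admin
    # to whoever later recreates that DN); leave every other ACL alone.
    for role, dn in list(acls):
        if role == ADMIN and dn not in entries:
            acls.remove((role, dn))
            actions.append(("delete_acl", dn))
    # An admin ACL that still points at an existing entry is a valid admin.
    if any(role == ADMIN for role, _ in acls):
        return actions
    # Build the DN from the configured attribute (assumed to be uid or cn);
    # default to uid when no config object was found.
    attr = primary_attr or "uid"
    value = {"uid": login, "cn": cn}[attr]
    dn = f"{attr}={value},ou=people,{base}"
    # Add the user only when it is missing, otherwise the add fails with
    # LDAP_ALREADY_EXISTS and the ACL is never restored.
    if dn not in entries:
        entries[dn] = {"uid": login, "cn": cn, "objectClass": "inetOrgPerson"}
        actions.append(("add_user", dn))
    acls.append((ADMIN, dn))
    actions.append(("add_acl", dn))
    return actions


def demo_acl_deleted():
    """Constructed data: admin user present, admin ACL deleted, one other ACL."""
    base = "dc=example,dc=org"
    alice = f"uid=alice,ou=people,{base}"
    entries = {f"uid=fd-admin,ou=people,{base}": {"uid": "fd-admin"},
               alice: {"uid": "alice"}}
    acls = [("editor", alice)]
    return check_admin(entries, acls, base), acls
```
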

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Hello,

      When running fusiondirectory-setup --check-ldap I got this:

      root@fusiondirectory-105:/etc/ldap/schema/fusiondirectory# fusiondirectory-setup --check-ldap
      Checking your LDAP tree
      Use of uninitialized value $base in string at /usr/sbin/fusiondirectory-setup line 535.
      Can't call method "search" on an undefined value at /usr/sbin/fusiondirectory-setup line 535.

      Cheers

      (from redmine: written on 2013-02-26)

      By bmortier on 2017-09-02T14:53:21 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      oops

      (from redmine: written on 2013-02-27)

      By Côme Chilliet on 2017-09-02T14:53:21 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      There were a lot of errors in this code. Fixed now.

      (from redmine: written on 2013-03-20)

      By Côme Chilliet on 2017-09-02T14:53:21 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Hello,

      Tested case 2 and got these errors:

      root@server:/home/benoit# fusiondirectory-setup --check-ldap
      Checking your LDAP tree
      Use of uninitialized value $base in concatenation (.) or string at /usr/sbin/fusiondirectory-setup line 625, line 522.
      ! ou=people, not found in your LDAP directory
      Do you want to create it ?: [Yes/No]? Yes
      Use of uninitialized value $base in concatenation (.) or string at /usr/sbin/fusiondirectory-setup line 629, line 1.
      Use of uninitialized value $base in concatenation (.) or string at /usr/sbin/fusiondirectory-setup line 636, line 1.
      ! failed to add LDAP's ou=people, branch
      Please enter a login for FusionDirectory's admin [fd-admin]:

      Please enter FusionDirectory's admin password: tester
      Please enter it again: tester
      Use of uninitialized value $base in string at /usr/sbin/fusiondirectory-setup line 409, line 4.
      Could not find configuration object, using default value
      Use of uninitialized value $base in concatenation (.) or string at /usr/sbin/fusiondirectory-setup line 435, line 4.

      ! failed to add LDAP's uid=fd-admin,ou=people, entry - LDAP_INVALID_DN_SYNTAX: The request contained an invalid DN

      Cheers

      (from redmine: written on 2013-04-05)

      By bmortier on 2017-09-02T14:53:21 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      This is related to #2159, not #1708 (closed)

      (from redmine: written on 2013-04-05)

      By Côme Chilliet on 2017-09-02T14:53:21 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      See #2159

      (from redmine: written on 2013-04-05)

      By Côme Chilliet on 2017-09-02T14:53:22 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Hello,

      In case 3 :

      It tries to add the acl but also tries to add a user; it doesn't work because the user is already there. It should only add the missing admin acl.

      root@server:/etc/ldap/schema# fusiondirectory-setup --check-ldap
      Checking your LDAP tree
      ! ACL entries are missing
      No valid admin account found, do you want to create it ? [Yes/No]? Yes
      Please enter a login for FusionDirectory's admin [fd-admin]:

      Please enter FusionDirectory's admin password: tester
      Please enter it again: tester

      ! failed to add LDAP's uid=fd-admin,ou=people,dc=opensides,dc=be entry - LDAP_ALREADY_EXISTS: The client attempted to add an entry that already exists. This can occur as a result of

      • An add request was submitted with a DN that already exists

      • A modify DN requested was submitted, where the requested new DN already exists

      • The request is adding an attribute to the schema and an attribute with the given OID or name already exists

      (from redmine: written on 2013-04-05)

      By bmortier on 2017-09-02T14:53:22 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Côme BERNIGAUD wrote:

      Ok, so now it searches for admin acls associated to existing dns. If none exists it proposes to create one. When creating, it creates the admin user AND the acl associated. It deletes any admin acl associated to a non-found dn. It searches for the config object and uses the config account primary attribute in the dn. If no config is found it defaults to uid. It needs the following tests:

      • run it on a standard FD installation

      ok !

      • run it after deleting the admin user

      ok !

      • run it after deleting the admin acl

      ok !

      • run it after adding other user to the admin acl (that might fail and do bad things, please report any errors here)
      • run it after deleting admin user and acl

      ok !

      • run it on a FD with some acls after deleting admin user or acl, check that acls are not lost

      It might be very buggy on the first run, I did not test it yet.

      (from redmine: written on 2013-04-05)

      By bmortier on 2017-09-02T14:53:22 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Hello,

      case three no gosaAcl onto

      0 dc=opensides,dc=be
      o: opensides.be
      dc: opensides
      ou: opensides
      description: opensides
      objectClass: dcObject
      objectClass: gosaDepartment
      objectClass: organization
      objectClass: top

      but admin-user still present in ldap tree

      root@server:/home/benoit# fusiondirectory-setup --check-ldap
      Checking your LDAP tree
      ! ACL entries are missing
      No valid admin account found, do you want to create it ? [Yes/No]? yes
      Please enter a login for FusionDirectory's admin [fd-admin]: fd-admin
      Please enter FusionDirectory's admin password: tester
      Please enter it again: tester

      ! failed to add LDAP's uid=fd-admin,ou=people,dc=opensides,dc=be entry - LDAP_ALREADY_EXISTS: The client attempted to add an entry that already exists. This can occur as a result of

      • An add request was submitted with a DN that already exists

      • A modify DN requested was submitted, where the requested new DN already exists

      • The request is adding an attribute to the schema and an attribute with the given OID or name already exists

      Cheers

      (from redmine: written on 2013-04-12)

      By bmortier on 2017-09-02T14:53:23 (imported from GitLab)

    • bmortier
      bmortier @bmortier · 12 years ago
      Author Maintainer

      Close issue

      (from redmine: written on 2013-04-15)

      By bmortier on 2017-09-02T14:53:23 (imported from GitLab)

    • bmortier closed 7 years ago

      By bmortier on 2017-09-02T14:53:23 (imported from GitLab)

    • bmortier added Changed PJ1802-0188 and removed Bugs labels 6 years ago

      By bmortier on 2019-01-24T17:21:33 (imported from GitLab)

    Assignee: bmortier