Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 99435 - libuser LDAP backend is not functional
Summary: libuser LDAP backend is not functional
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: libuser
Version: 1.0
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: CambridgeTarget
TreeView+ depends on / blocked
 
Reported: 2003-07-19 13:14 UTC by Felipe Alfaro Solana
Modified: 2005-10-31 22:00 UTC (History)
1 user (show)

Fixed In Version: 0.52.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-09-27 18:03:26 UTC
Embargoed:

Attachments (Terms of Use)
fully functional LDAP backend module (deleted)
2003-07-28 19:39 UTC, Felipe Alfaro Solana 		no flags Details | Diff
View All

Description Felipe Alfaro Solana 2003-07-19 13:14:53 UTC 
Description of problem: 
Looking at the sources for the "libuser" library, I'm guessing the LDAP backend is 
incomplete. I've been trying to use the "libuser" LDAP backend to manage my user 
and group accouns that I've stored in my OpenLDAP server. What I found is that I 
can't use "lgroupadd" to add a group using the LDAP backend. 
 
Looking at the sources, the "lgroupadd" command-line tool invokes the 
"lu_ldap_group_add" located in "modules/ldap.c". This function, in turn, will invoke 
"lu_ldap_set" which is able to perform modifications, but not additions to the 
OpenLDAP directory. 
 
The problem here is that invoking "lgroupadd" to add a new group "testgroup", will 
map the group "testgroup" to an LDAP distinguised name of "cn=testgroup, 
ou=groups, dc=example, dc=com" (for example). Note that we are trying to add a 
new directory entry. However, the "lu_ldap_set" function will try to perform a 
modification (LDAP_MOD) and since the entry doesn't exist in the directory, it will 
fail. 
 
The "libuser" LDAP module backend is thus incomplete, and unable to properly 
manage additions, like adding groups and users to the directory. 
 
Version-Release number of selected component (if applicable): 
libuser-0.51.7 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. Install libuser-0.51.7 
2. Modify "/etc/libuser.conf": 
... 
modules = ldap 
create_modules = ldap 
... 
[ldap] 
server = your.server.name 
basedn = dc=example,dc=com 
... 
 
3. Invoke "lgroupadd testgroup". It will complain that the group can't be added. 
This was expected, since the LDAP backend module is trying to perform a 
modification on the group, which doesn't exist, as we are trying to add it. 
     
Actual results: 
libuser's LDAP backend is completely useless. 
 
Expected results: 
libuser's LDAP backend should be able to properly perform add operations on an 
LDAP directory. 
 
Additional info: 
Will this get fixed? We're implemented a centralized OpenLDAP directory for user 
authentication and we miss a tool that allows to add users/groups to the directory. 
We though "libuser" was the solution, but it seems incomplete.
Comment 1 Felipe Alfaro Solana 2003-07-28 19:39:02 UTC 
I have attached a patch file which enables 100% operational suppor to libuser's 
LDAP module. With the original libuser, "luseradd" and "lgroupadd" command-line 
tools would fail as the original LDAP module is incomplete. 
 
This patch adds support to libuser's LDAP module to completely support "add", 
"modify" and "delete" operations. 
 
The attached patch is "libuser-LDAP-20030728.patch".
Comment 2 Felipe Alfaro Solana 2003-07-28 19:39:51 UTC 
Created attachment 93195 [details]
fully functional LDAP backend module
Comment 3 Manuel Pelayo 2003-10-03 12:24:34 UTC 
Great, 

Finally the 'libuser' is operational with LDAP.
On the other hand, when I enter a password, the error message is posted:
SystemError: error setting password in LDAP directory for
uid=testuser,ou=People,dc=example,dc=com: Undefined attribute type 

It misses nothing any more but that to use it completely.

Thank you for this work.
Comment 4 Miloslav Trmač 2004-09-22 22:31:15 UTC 
Thanks a lot for the patch.
Even though the patch was not incorporated directly, the
fixes in libuser-0.51.11-1 implement the same ideas.
Comment 5 Miloslav Trmač 2004-09-27 18:03:26 UTC 
libuser-0.52.1 should have a good-working LDAP backend.
Note You need to log in before you can comment on or make changes to this bug.