Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove LDAP parts #366

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Remove LDAP parts #366

wants to merge 9 commits into from
+137 −7,612

Conversation

Firstyear
Copy link

Start to remove all ldap integration.

The LDAP integration as it exists in Yast is unmaintained and does a lot of things incorrectly. It relies on functionality to bypass password policy in LDAP servers, it requires client side pre-hashing/salting of passwords, it allows clear text storage of pws, it isn't schema aware, it relies on openldap specific functionality and more. Generally it's not in a good shape.

This starts the removal process. There are better tools to manage ldap accounts like ldapvi, dsidm, apache directory studio and more.

Currently this PR does have an error with rake run but the ruby trace has no correlation to the code so I don't know whats wrong :(

INFO: Gem yast-rake-ci not installed, extra tasks not loaded
** Invoke run (first_time)
** Execute run
/sbin/yast2 src/clients/users.rb
rake aborted!
Command failed with status (2): [/sbin/yast2 src/clients/users.rb...]
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/file_utils.rb:67:in `block in create_shell_runner'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/file_utils.rb:57:in `sh'
/usr/lib64/ruby/gems/3.1.0/gems/yast-rake-0.2.47/lib/tasks/run.rake:48:in `block in <top (required)>'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:281:in `block in execute'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:281:in `each'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:281:in `execute'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:219:in `block in invoke_with_call_chain'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:199:in `synchronize'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:199:in `invoke_with_call_chain'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/task.rb:188:in `invoke'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:160:in `invoke_task'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:116:in `block (2 levels) in top_level'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:116:in `each'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:116:in `block in top_level'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:125:in `run_with_threads'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:110:in `top_level'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:83:in `block in run'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:186:in `standard_exception_handling'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:80:in `run'
/usr/lib64/ruby/gems/3.1.0/gems/rake-13.0.6/exe/rake:27:in `<top (required)>'
/usr/bin/rake:25:in `load'
/usr/bin/rake:25:in `<main>'
Tasks: TOP => run

dgdavid
dgdavid reviewed Aug 10, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the PR, much appreciate.

I'd like to test the module manually before going for the approval. It might take me some time because I'm a bit busy today. Hope you don't mind.

Meanwhile, you can bump version and add an entry in the changelog ;)

@dgdavid

This comment was marked as outdated.

Sign in to view
@dgdavid

This comment was marked as outdated.

Sign in to view
@dgdavid dgdavid mentioned this pull request Aug 23, 2022
Merged
dgdavid
dgdavid requested changes Aug 23, 2022
View reviewed changes
Copy link
Member

@dgdavid dgdavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I managed to invest some time testing this PR today. We're on the way ;) but there are some thing to polish yet.

  • Users.pm has now a bunch of variables that are used but not previously declared. For example, $substituted, @user_internals, @group_internals or even $password (this one in the sub _hashPassword) We have to either, get ride of the useless code using them or re-declare those that still in use.

  • The Makefile still referencing files that does not exist anymore

    diff --git a/src/Makefile.am b/src/Makefile.am
index 8622773e..3771f491 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -9,7 +9,6 @@ module_DATA = \
  modules/UsersPlugins.pm \
  modules/UsersSimple.pm \
  modules/UsersCache.pm \
-  modules/UsersPluginKerberos.pm \
  modules/UsersPasswd.pm \
  modules/Y2UsersLinux.rb

@@ -25,9 +24,6 @@ client_DATA = \
  clients/users_finish.rb \
  clients/groups.rb \
  clients/users_plugin_quota.rb \
-  clients/users_plugin_ldap_all.rb \
-  clients/users_plugin_ldap_shadowaccount.rb \
-  clients/users_plugin_ldap_passwordpolicy.rb \
  clients/users.rb \
  clients/inst_root_first.rb \
  clients/inst_user_first.rb \
@@ -42,7 +38,6 @@ yncludedir = @yncludedir@/users
ynclude_DATA = \
  include/users/widgets.rb \
  include/users/wizards.rb \
-  include/users/ldap_dialogs.rb \
  include/users/dialogs.rb \
  include/users/complex.rb \
  include/users/routines.rb \

    We have to remove these references from there.

  • The module fails when trying to write changes to the system

    Internal error. Please report a bug report with logs.
Run save_y2logs to get complete logs.

Caller: /usr/share/YaST2/include/users/complex.rb:84:in `WriteDialog'

Details: undefined method `LDAPModified' for Yast::Users:Module

if Users.LDAPModified && (Ldap.anonymous || Ldap.bind_pass == nil)
^^^^^^^^^^^^^

Start the Ruby debugger now and debug the issue? (Experts only!)

    Which is probably a matter of adapting the #WriteDialog method.

@dgdavid

This comment was marked as outdated.

Sign in to view
@dgdavid

This comment was marked as outdated.

Sign in to view
@dgdavid

This comment was marked as outdated.

Sign in to view
@dgdavid

This comment was marked as outdated.

Sign in to view
dgdavid
dgdavid reviewed Aug 23, 2022
View reviewed changes
src/modules/Users.pm Show resolved Hide resolved
src/modules/Users.pm Show resolved Hide resolved
@dgdavid
Copy link
Member

dgdavid commented Aug 23, 2022

This step should be removed too:

yast-users/src/modules/Users.pm

Lines 4161 to 4164 in 074bb76

# progress stage label
__("Write LDAP users, groups and settings"),
# progress stage label
__("Write local users, groups and settings"),

@Firstyear
Copy link
Author

Yeah, there is a lot to remove still, but once I hit the case where I couldn't proceed, I stopped "removing" since I could no longer test and I didn't want to cause more damage. So any help would be great :)

@dgdavid
Copy link
Member

dgdavid commented Aug 24, 2022

Yeah, there is a lot to remove still, but once I hit the case where I couldn't proceed, I stopped "removing" since I could no longer test and I didn't want to cause more damage. So any help would be great :)

Ok, I'll jump in. Let's see how further I can go.

@dgdavid dgdavid force-pushed the 20220810-remove-ldap branch from 2b168e4 to 3d6791d Compare August 24, 2022 08:21
@coveralls
Copy link

coveralls commented Aug 24, 2022
edited
Loading

Pull Request Test Coverage Report for Build 2925671381

  • 0 of 11 (0.0%) changed or added relevant lines in 4 files are covered.
  • 12 unchanged lines in 4 files lost coverage.
  • Overall coverage increased (+4.8%) to 64.835%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/include/users/wizards.rb 0 1 0.0%
src/include/users/helps.rb 0 2 0.0%
src/include/users/widgets.rb 0 2 0.0%
src/include/users/dialogs.rb 0 6 0.0%
Files with Coverage Reduction New Missed Lines %
src/include/users/complex.rb 1 43.48%
src/include/users/wizards.rb 3 29.27%
src/include/users/dialogs.rb 4 10.95%
src/include/users/widgets.rb 4 13.33%
Totals Coverage Status
Change from base Build 2904522885: 4.8%
Covered Lines: 3269
Relevant Lines: 5042
💛 - Coveralls

dgdavid added 3 commits August 24, 2022 09:39
@dgdavid
Additional LDAP removals
5a0e4d4
@dgdavid
Do not use bareword true
5a89fe5 
Otherwise, Perl will complain with 'Bareword "true" not allowed while
"strict subs"'
@dgdavid
Fix member_attr initialization in USERS.pm
ec7bbd1
@dgdavid
Copy link
Member

dgdavid commented Aug 24, 2022

I manage to get CI green, but still changes to do. Specially in the documentation, where none LDAP reference has been removed yet.

@ancorgs
Copy link
Contributor

ancorgs commented Aug 25, 2022

There are quite some documents that mention the LDAP functionality. I guess they should also get updated to explicitly mention the functionality was there but was intentionally removed:

@dgdavid dgdavid force-pushed the 20220810-remove-ldap branch from 5daa2f7 to 67acebc Compare August 25, 2022 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgdavid dgdavid dgdavid requested changes

@jreidinger jreidinger Awaiting requested review from jreidinger

@joseivanlopez joseivanlopez Awaiting requested review from joseivanlopez

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Firstyear @dgdavid @coveralls @ancorgs @jreidinger