Bug 459729 - Windows sync support in IPA
Windows sync support in IPA
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
1.2
All Linux
low Severity low
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
:
: 436119 436236 (view as bug list)
Depends On:
Blocks: 453489
  Show dependency treegraph
 
Reported: 2008-08-21 13:13 EDT by Rich Megginson
Modified: 2015-01-04 18:33 EST (History)
7 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-27 03:13:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Initial-addition-of-ipa-winsync-plugin (18.31 KB, patch)
2008-08-21 13:15 EDT, Rich Megginson
no flags Details | Diff
add ipa-winsync to ipa makefiles, spec files (10.24 KB, patch)
2008-08-21 13:16 EDT, Rich Megginson
no flags Details | Diff
add support for posixAccount (11.06 KB, patch)
2008-08-21 13:16 EDT, Rich Megginson
no flags Details | Diff
ipa-winsync-config.c handles dynamic config changes (32.10 KB, patch)
2008-08-21 13:17 EDT, Rich Megginson
no flags Details | Diff
fix some memory leaks (1.64 KB, patch)
2008-08-21 13:17 EDT, Rich Megginson
no flags Details | Diff
ifdef out some testing code (7.69 KB, patch)
2008-08-22 18:19 EDT, Rich Megginson
no flags Details | Diff
library name is libipa_winsync not libipa-winsync (1.54 KB, patch)
2008-08-22 18:19 EDT, Rich Megginson
no flags Details | Diff
Support IPA in IPA server install and ipa-replica-manage (16.44 KB, patch)
2008-09-11 13:10 EDT, Rich Megginson
no flags Details | Diff
fix issues brought up by code review (3.76 KB, patch)
2008-09-17 15:15 EDT, Rich Megginson
no flags Details | Diff
Add account disable and force sync (41.92 KB, patch)
2008-09-26 12:19 EDT, Rich Megginson
no flags Details | Diff
patch - fix code review issues (5.20 KB, patch)
2008-10-01 11:39 EDT, Rich Megginson
no flags Details | Diff
patch - add winsync options to man page (1.39 KB, patch)
2008-10-03 16:16 EDT, Rich Megginson
no flags Details | Diff
add winsync support to replica manage cli (4.56 KB, patch)
2008-10-03 16:17 EDT, Rich Megginson
no flags Details | Diff
patch - do not stop the server conditionally - always stop it (1008 bytes, patch)
2008-10-03 16:18 EDT, Rich Megginson
no flags Details | Diff
patch - add eq,pres indices to existing index config entries (1.21 KB, patch)
2008-10-03 16:18 EDT, Rich Megginson
no flags Details | Diff
patch - ipa-winsync plugin does not depend on MMR (1.82 KB, patch)
2008-10-03 16:19 EDT, Rich Megginson
no flags Details | Diff
add --win-subtree argument to ipa-replica-manage (2.31 KB, patch)
2008-10-08 15:33 EDT, Rich Megginson
no flags Details | Diff
do not store the OUs in the entry when flattening (2.69 KB, patch)
2008-10-10 14:24 EDT, Rich Megginson
no flags Details | Diff
add update for winsync attribute indexes (1.40 KB, patch)
2008-10-10 14:24 EDT, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2008-08-21 13:13:50 EDT
IPA needs to support the windows sync that is included with directory server
Comment 1 Rich Megginson 2008-08-21 13:15:14 EDT
Created attachment 314729 [details]
Initial-addition-of-ipa-winsync-plugin
Comment 2 Rich Megginson 2008-08-21 13:16:30 EDT
Created attachment 314730 [details]
add ipa-winsync to ipa makefiles, spec files
Comment 3 Rich Megginson 2008-08-21 13:16:55 EDT
Created attachment 314731 [details]
add support for posixAccount
Comment 4 Rich Megginson 2008-08-21 13:17:25 EDT
Created attachment 314732 [details]
ipa-winsync-config.c handles dynamic config changes
Comment 5 Rich Megginson 2008-08-21 13:17:47 EDT
Created attachment 314733 [details]
fix some memory leaks
Comment 6 Rich Megginson 2008-08-22 18:19:30 EDT
Created attachment 314844 [details]
ifdef out some testing code
Comment 7 Rich Megginson 2008-08-22 18:19:58 EDT
Created attachment 314845 [details]
library name is libipa_winsync not libipa-winsync
Comment 9 Rich Megginson 2008-09-11 13:10:20 EDT
Created attachment 316460 [details]
Support IPA in IPA server install and ipa-replica-manage

This patch adds support for Windows Sync and the IPA Winsync plugin ipa-server-install and ipa-replica-manage

server install will just install the plugin config entry.

A Windows Sync agreement is added via ipa-replica-manage add.  I had to add additional flags to make it work:
  --port=PORT           port number of other server
  --binddn=BINDDN       Bind DN to use with remote server
  --bindpw=BINDPW       Password for Bind DN to use with remote server
  --winsync             This is a Windows Sync Agreement
  --cacert=CACERT       Full path and filename of CA certificate to use with
                        TLS/SSL to the remote server
Comment 10 Nathan Kinder 2008-09-16 21:59:33 EDT
In this section, there's an error message referring to the pam passthru plug-in since hte config code was based on that.  This message needs to be changed.

https://bugzilla.redhat.com/attachment.cgi?id=314732&action=diff#a/ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c_sec1

110  	    if ( inited ) {
111 	        slapi_log_error( SLAPI_LOG_FATAL, IPA_WINSYNC_PLUGIN_NAME,
112                     "only one PAM pass through plugin instance can be used\n" );
113             return( LDAP_PARAM_ERROR );
114 	    }
Comment 11 Nathan Kinder 2008-09-16 22:29:07 EDT
In ipa-winsync.c, there's a comment stating the following:

  "ntUniqueId and ntUserDomainId are indexed for equality only - need
   to add presence?"

We should make sure to add the right indexes in the install/upgrade code for the filters we use in the plug-in.

Aside from that and the issue I pointed out in comment#10, the attachments from comment#1-7 look good.
Comment 12 Rich Megginson 2008-09-17 15:15:38 EDT
Created attachment 317002 [details]
fix issues brought up by code review

Addresses the issues mentioned by Nathan and by Rob on the mail list.
Comment 13 Rich Megginson 2008-09-26 12:19:20 EDT
Created attachment 317807 [details]
Add account disable and force sync
Comment 14 Rich Megginson 2008-10-01 11:39:35 EDT
Created attachment 318214 [details]
patch - fix code review issues
Comment 15 Rich Megginson 2008-10-03 16:16:38 EDT
Created attachment 319412 [details]
patch - add winsync options to man page
Comment 16 Rich Megginson 2008-10-03 16:17:18 EDT
Created attachment 319413 [details]
add winsync support to replica manage cli
Comment 17 Rich Megginson 2008-10-03 16:18:02 EDT
Created attachment 319414 [details]
patch - do not stop the server conditionally - always stop it
Comment 18 Rich Megginson 2008-10-03 16:18:42 EDT
Created attachment 319415 [details]
patch - add eq,pres indices to existing index config entries
Comment 19 Rich Megginson 2008-10-03 16:19:11 EDT
Created attachment 319416 [details]
patch - ipa-winsync plugin does not depend on MMR
Comment 20 Rich Megginson 2008-10-08 15:33:34 EDT
Created attachment 319786 [details]
add --win-subtree argument to ipa-replica-manage
Comment 21 Rich Megginson 2008-10-10 14:24:19 EDT
Created attachment 320039 [details]
do not store the OUs in the entry when flattening
Comment 22 Rich Megginson 2008-10-10 14:24:43 EDT
Created attachment 320040 [details]
add update for winsync attribute indexes
Comment 23 Rich Megginson 2008-10-13 13:41:24 EDT
Patches have been committed to master and 1.2 branch:

commit f02d1429cadd2f6926a0094187ff467a5eb55220
commit 5c56c43693b4b7a5da25777a8a441f596ed2fa84
commit 9f18858e5826eab7430a4edb1b988ef45eaa8b65
commit 0988e1c53c34e474606813d0e3adce1e090c98e7
commit d3637dde7cc56970dec7c36db3d7478e5d04b28e
commit 38154073a88f5608d9b33854d3282687fb422bad
commit 28195610f6f768179159f841887745dcbee27b2d
commit 068ed81195131781b8ec88a7c4cc3df2604c978a
commit 0e346ff6fbc722d805b7fdf2710f169d5e62ab68
commit 69180c2dccb82c6bb6b9a058309294f80f1c05d6
commit e8bebebc2346c381e4b30a4995aff38b553695f6
commit be5e783f72c987603288522a21e7f9bab1e9bd9a
commit 5a5bfa2c70a15a0be20d92fae72faefcc619d18b
commit 2a2bc851bdccb9402ec02a08deaa4e9945925908
commit 434f9aca6abe6055de4d92b5e082666027387388
commit 4bc89c427e5ecc47052a7489a9d4f8d18fbc1856
commit c80ecc8c2af350483f3316727395cb0e5bb3600e
commit 61b5a95dd12ffc1efa5c14b2caedc8c002c2d18f
commit 6454956d51f5a99f80f63475ae38d422ebc4432d
commit 09514965931d91b8b88841e14493b5213bf381a3
Comment 24 Rob Crittenden 2008-12-03 12:08:05 EST
*** Bug 436119 has been marked as a duplicate of this bug. ***
Comment 25 Yi Zhang 2008-12-04 19:03:40 EST
test and verified based on our PRD requirement. 

bug closed.
Comment 27 Rob Crittenden 2009-01-12 15:09:27 EST
*** Bug 436236 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.