Bug 841553 - Error initializing libuser: the `files' and `ldap' modules can not be combined.
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libuser
Version: 7.0
Hardware: Unspecified OS: Unspecified
Priority: medium Severity: medium
Target Milestone: beta
Target Release: ---
Assigned To: Miloslav Trmač
QA Contact: BaseOS QE Security Team
Reported: 2012-07-19 07:33 EDT by Ondrej Moriš
Modified: 2012-11-21 09:35 EST
Doc Type: Bug Fix
Last Closed: 2012-11-21 09:35:34 EST
Type: Bug
Description Ondrej Moriš 2012-07-19 07:33:36 EDT
Description of problem:

In RHEL6 it was possible to combine the 'files' and 'ldap' modules in the libuser configuration; in RHEL7 it is no longer possible, and this change is also not documented in the libuser.conf man page.

Version-Release number of selected component (if applicable):

libuser-0.57.6-1.el7

How reproducible:

100%

Steps to Reproduce:

1. Configure libuser as follows (libuser.conf):

login_defs = /etc/login.defs
default_useradd = /etc/default/useradd

[defaults]

crypt_style = md5
create_modules = files shadow ldap
modules = files shadow ldap

[userdefaults]
LU_USERNAME = %n
LU_GIDNUMBER = %u

[groupdefaults]
LU_GROUPNAME = %n

[files]

[shadow]

[ldap]
server = ldap://127.0.0.1
basedn = dc=foo,dc=bar,dc=com
binddn = cn=Manager,dc=foo,dc=bar,dc=com
password = x
bindtype = simple

[sasl]

2. Optionally configure LDAP in the aforementioned configuration.

3. lid ldapuser
  
Actual results:

Error initializing libuser: the `files' and `ldap' modules can not be combined.

Expected results:

ldapgroup(gid=20001) [e.g.]

Additional info:
Comment 1 Miloslav Trmač 2012-07-19 22:49:31 EDT
Thanks for your report.

This was an intentional change in libuser-0.57, to resolve bug #643227.  The semantics of the "encrypted password" field differs between /etc/shadow and LDAP, and libuser's architecture cannot cope with this without non-trivial changes, so disabling the combination of the two modules was considered the cleanest solution.  Yes, it removes a feature, however one that I don't think is used very frequently.

Do you know of a case where the module combination is needed?  Looking at the referenced test case, it seems that it could be modified not to combine the files/shadow and ldap modules.
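
Added example, not part of the bug report and not libuser's own code: a preflight check that scans a libuser.conf for the module combination rejected above, so a configuration carried over from RHEL6 can be caught before lid or luseradd fails. The names parse_conf and find_conflicts are hypothetical; treating 'shadow' like 'files' follows the "files/shadow and ldap" wording in Comment 1, and checking each list separately and accepting commas as separators are assumptions.

```python
import re

# Constructed sample: the relevant part of the configuration from the report.
SAMPLE_CONF = """\
login_defs = /etc/login.defs

[defaults]
create_modules = files shadow ldap
modules = files shadow ldap
"""

LOCAL_MODULES = {"files", "shadow"}  # assumption: shadow is treated like files
MODULE_KEYS = ("modules", "create_modules")


def parse_conf(text):
    """Parse libuser.conf-style text; keys before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def find_conflicts(text):
    """Return [(key, [local modules listed together with ldap])] for [defaults]."""
    defaults = parse_conf(text).get("defaults", {})
    conflicts = []
    for key in MODULE_KEYS:
        mods = [m for m in re.split(r"[\s,]+", defaults.get(key, "")) if m]
        if "ldap" in mods:
            local = [m for m in mods if m in LOCAL_MODULES]
            if local:
                conflicts.append((key, local))
    return conflicts


if __name__ == "__main__":
    for key, local in find_conflicts(SAMPLE_CONF):
        print(f"[defaults] {key}: ldap combined with {', '.join(local)}")
```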
