Description of problem:

Looking at the sources for the "libuser" library, I'm guessing the LDAP backend is incomplete. I've been trying to use the "libuser" LDAP backend to manage my user and group accounts that I've stored in my OpenLDAP server. What I found is that I can't use "lgroupadd" to add a group using the LDAP backend.

Looking at the sources, the "lgroupadd" command-line tool invokes the "lu_ldap_group_add" function located in "modules/ldap.c". This function, in turn, will invoke "lu_ldap_set", which is able to perform modifications, but not additions, to the OpenLDAP directory.

The problem here is that invoking "lgroupadd" to add a new group "testgroup" will map the group "testgroup" to an LDAP distinguished name of "cn=testgroup, ou=groups, dc=example, dc=com" (for example). Note that we are trying to add a new directory entry. However, the "lu_ldap_set" function will try to perform a modification (LDAP_MOD) and, since the entry doesn't exist in the directory, it will fail.

The "libuser" LDAP module backend is thus incomplete, and unable to properly manage additions, like adding groups and users to the directory.

Version-Release number of selected component (if applicable):
libuser-0.51.7

How reproducible:
Always

Steps to Reproduce:
1. Install libuser-0.51.7
2. Modify "/etc/libuser.conf":

    ...
    modules = ldap
    create_modules = ldap
    ...
    [ldap]
    server = your.server.name
    basedn = dc=example,dc=com
    ...

3. Invoke "lgroupadd testgroup".

It will complain that the group can't be added. This was expected, since the LDAP backend module is trying to perform a modification on the group, which doesn't exist, as we are trying to add it.

Actual results:
libuser's LDAP backend is completely useless.

Expected results:
libuser's LDAP backend should be able to properly perform add operations on an LDAP directory.

Additional info:
Will this get fixed?
We've implemented a centralized OpenLDAP directory for user authentication and we miss a tool that allows adding users/groups to the directory. We thought "libuser" was the solution, but it seems incomplete.
I have attached a patch file which enables 100% operational support in libuser's LDAP module. With the original libuser, the "luseradd" and "lgroupadd" command-line tools would fail as the original LDAP module is incomplete. This patch adds support to libuser's LDAP module to completely support "add", "modify" and "delete" operations. The attached patch is "libuser-LDAP-20030728.patch".
Created attachment 93195: fully functional LDAP backend module
Great, finally 'libuser' is operational with LDAP. On the other hand, when I enter a password, this error message is displayed:

SystemError: error setting password in LDAP directory for uid=testuser,ou=People,dc=example,dc=com: Undefined attribute type

Nothing more than that is missing to use it completely. Thank you for this work.
Thanks a lot for the patch. Even though the patch was not incorporated directly, the fixes in libuser-0.51.11-1 implement the same ideas.
libuser-0.52.1 should have a well-working LDAP backend.