Bug 99435 - libuser LDAP backend is not functional
Summary: libuser LDAP backend is not functional
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: libuser   
Version: 1.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Miloslav Trmač
QA Contact:
Depends On:
Blocks: CambridgeTarget
Reported: 2003-07-19 13:14 UTC by Felipe Alfaro Solana
Modified: 2005-10-31 22:00 UTC (History)

Fixed In Version: 0.52.1
Doc Type: Bug Fix
Last Closed: 2004-09-27 18:03:26 UTC

Attachments
fully functional LDAP backend module (13.28 KB, patch)
2003-07-28 19:39 UTC, Felipe Alfaro Solana

Description Felipe Alfaro Solana 2003-07-19 13:14:53 UTC
Description of problem: 
Looking at the sources for the "libuser" library, I'm guessing the LDAP backend is 
incomplete. I've been trying to use the "libuser" LDAP backend to manage my user 
and group accounts that I've stored in my OpenLDAP server. What I found is that I 
can't use "lgroupadd" to add a group using the LDAP backend. 
Looking at the sources, the "lgroupadd" command-line tool invokes the 
"lu_ldap_group_add" located in "modules/ldap.c". This function, in turn, will invoke 
"lu_ldap_set" which is able to perform modifications, but not additions to the 
OpenLDAP directory. 
The problem here is that invoking "lgroupadd" to add a new group "testgroup", will 
map the group "testgroup" to an LDAP distinguished name of "cn=testgroup, 
ou=groups, dc=example, dc=com" (for example). Note that we are trying to add a 
new directory entry. However, the "lu_ldap_set" function will try to perform a 
modification (LDAP_MOD) and since the entry doesn't exist in the directory, it will 
The "libuser" LDAP module backend is thus incomplete, and unable to properly 
manage additions, like adding groups and users to the directory. 
Version-Release number of selected component (if applicable): 
How reproducible: 
Steps to Reproduce: 
1. Install libuser-0.51.7 
2. Modify "/etc/libuser.conf": 
modules = ldap 
create_modules = ldap 
server = your.server.name 
basedn = dc=example,dc=com 
3. Invoke "lgroupadd testgroup". It will complain that the group can't be added. 
This was expected, since the LDAP backend module is trying to perform a 
modification on the group, which doesn't exist, as we are trying to add it. 
Actual results: 
libuser's LDAP backend is completely useless. 
Expected results: 
libuser's LDAP backend should be able to properly perform add operations on an 
LDAP directory. 
Additional info: 
Will this get fixed? We've implemented a centralized OpenLDAP directory for user 
authentication and we miss a tool that allows us to add users/groups to the directory. 
We thought "libuser" was the solution, but it seems incomplete.
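
The add-versus-modify behaviour described in this report, as an added example that is not from libuser or the attached patch. A constructed in-memory table stands in for the OpenLDAP server, the result codes use the RFC 4511 numbers, and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Result codes as numbered in RFC 4511. */
enum { RC_SUCCESS = 0, RC_NO_SUCH_OBJECT = 32, RC_ALREADY_EXISTS = 68, RC_OTHER = 80 };

/* Constructed in-memory stand-in for the directory: DN -> one attribute value. */
#define MAX_ENTRIES 8
static struct { char dn[128]; char gid[16]; int used; } dir[MAX_ENTRIES];

static int dir_find(const char *dn) {
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (dir[i].used && strcmp(dir[i].dn, dn) == 0) return i;
    return -1;
}

/* Modify: the server refuses when the target entry does not exist. */
int dir_modify(const char *dn, const char *gid) {
    int i = dir_find(dn);
    if (i < 0) return RC_NO_SUCH_OBJECT;
    snprintf(dir[i].gid, sizeof dir[i].gid, "%s", gid);
    return RC_SUCCESS;
}

/* Add: the server refuses when the entry already exists. */
int dir_add(const char *dn, const char *gid) {
    if (dir_find(dn) >= 0) return RC_ALREADY_EXISTS;
    for (int i = 0; i < MAX_ENTRIES; i++)
        if (!dir[i].used) {
            snprintf(dir[i].dn, sizeof dir[i].dn, "%s", dn);
            snprintf(dir[i].gid, sizeof dir[i].gid, "%s", gid);
            dir[i].used = 1;
            return RC_SUCCESS;
        }
    return RC_OTHER; /* table full */
}

/* Behaviour the report describes: every store is sent as a modify. */
int store_modify_only(const char *dn, const char *gid) { return dir_modify(dn, gid); }

/* Add when the entry is absent, modify when it is present. */
int store_add_or_modify(const char *dn, const char *gid) {
    return dir_find(dn) < 0 ? dir_add(dn, gid) : dir_modify(dn, gid);
}

int main(void) {
    const char *dn = "cn=testgroup,ou=groups,dc=example,dc=com";
    printf("modify-only on new entry: %d\n", store_modify_only(dn, "500"));
    printf("add-or-modify on new entry: %d\n", store_add_or_modify(dn, "500"));
    printf("add-or-modify on existing entry: %d\n", store_add_or_modify(dn, "501"));
    return 0;
}
```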

Comment 1 Felipe Alfaro Solana 2003-07-28 19:39:02 UTC
I have attached a patch file which enables 100% operational support to libuser's 
LDAP module. With the original libuser, "luseradd" and "lgroupadd" command-line 
tools would fail as the original LDAP module is incomplete. 
This patch adds support to libuser's LDAP module to completely support "add", 
"modify" and "delete" operations. 
The attached patch is "libuser-LDAP-20030728.patch". 

Comment 2 Felipe Alfaro Solana 2003-07-28 19:39:51 UTC
Created attachment 93195
fully functional LDAP backend module

Comment 3 Manuel Pelayo 2003-10-03 12:24:34 UTC

Finally the 'libuser' is operational with LDAP.
On the other hand, when I enter a password, the error message is posted:
SystemError: error setting password in LDAP directory for
uid=testuser,ou=People,dc=example,dc=com: Undefined attribute type 

It misses nothing any more but that to use it completely.

Thank you for this work.

Comment 4 Miloslav Trmač 2004-09-22 22:31:15 UTC
Thanks a lot for the patch.
Even though the patch was not incorporated directly, the
fixes in libuser-0.51.11-1 implement the same ideas.

Comment 5 Miloslav Trmač 2004-09-27 18:03:26 UTC
libuser-0.52.1 should have a good-working LDAP backend.
