Ubuntu
adcli package

[FFe]: apply some useful upstream changes

Bug #1893784 reported by Andreas Hasenack
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
adcli (Ubuntu)
Fix Released
Undecided
Andreas Hasenack

Bug Description

As part of our roadmap commitment to better support integration with Active Directory, and adcli was recently moved to main as a result of that, we should cherry-pick these changes which introduce new useful funcionality:

a) https://gitlab.freedesktop.org/realmd/adcli/-/commit/3937a2a7db90611aa7a93248233b0c5d31e85a3e
"""
add description option to join and update
This new option allows to set the description LDAP attribute for the AD
computer object.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
"""
The above is an optional new parameter to the join and update commands. I tested it with an actual AD server (windows 2019).

b) https://gitlab.freedesktop.org/realmd/adcli/-/commit/0a169bd9b2687293f74bb57694eb82f9769610c9
"""
tools: add show-computer command
The show-computer command prints the LDAP attributes of the related
computer object from AD.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1737342
"""

This is a new command to show details about a computer account in AD, like OS, OS version, description (added by (a) above) and others. I also tested it with a live AD windows 2019 server.

Both new parameters or commands are not used by the realm tool, from the realmd package, so there is no risk of regression there.

PPA with test builds: https://launchpad.net/~ahasenack/+archive/ubuntu/adcli-fixes

See original description

Related branches

~ahasenack/ubuntu/+source/adcli:groovy-adcli-upstream-fixes
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Diff: 1448 lines (+1356/-1)
14 files modified
debian/changelog (+33/-0)
debian/control (+2/-1)
debian/patches/Use-GSS-SPNEGO-if-available.patch (+127/-0)
debian/patches/add-description-option-to-join-and-update.patch (+186/-0)
debian/patches/add-option-use-ldaps.patch (+383/-0)
debian/patches/delete-do-not-exit-if-keytab-cannot-be-read.patch (+34/-0)
debian/patches/discovery-fix.patch (+29/-0)
debian/patches/man-explain-optional-parameter-of-login-ccache-bette.patch (+46/-0)
debian/patches/man-make-handling-of-optional-credential-cache-more-.patch (+43/-0)
debian/patches/man-move-note-to-the-right-section.patch (+50/-0)
debian/patches/series (+11/-0)
debian/patches/tools-add-show-computer-command.patch (+341/-0)
debian/patches/tools-disable-SSSD-s-locator-plugin.patch (+43/-0)
debian/patches/tools-fix-typo-in-show-password-help-output.patch (+28/-0)
Andreas Hasenack (ahasenack)
summary: - Apply some useful unreleased fixes
+ Apply some useful unreleased changes
description: updated
summary: - Apply some useful unreleased changes
+ [FFe]: apply some useful upstream changes
Andreas Hasenack (ahasenack)
description: updated
description: updated
description: updated
description: updated
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I was cleaning MPs today, this seems to still waiting on FFe approval :-/
I'll ping a few people ...

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

This seems safe to include, even this late in the cycle. FFe granted!

Changed in adcli (Ubuntu):
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package adcli - 0.9.0-1ubuntu1

---------------
adcli (0.9.0-1ubuntu1) groovy; urgency=medium

  * New features (LP: #1893784):
    - d/p/tools-add-show-computer-command.patch: add a show-computer
      command to print the LDAP attrs of the computer object
    - d/p/add-description-option-to-join-and-update.patch: allow setting
      an optional description on the computer account
  * Handle new Active Directory requirements from
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
    (LP: #1868703):
    - d/p/Use-GSS-SPNEGO-if-available.patch: prefer GSS-SPNEGO over
      GSSAPI if available, as that can handle some of the more advanced
      features which can be required by an AD server
    - d/p/add-option-use-ldaps.patch: add option to use LDAPS, useful
      if for some reason the LDAP port is blocked.
  * Documentation fixes:
    - d/p/man-move-note-to-the-right-section.patch: move note about
      password lifetime to the update section
    - d/p/man-explain-optional-parameter-of-login-ccache-bette.patch,
      d/p/man-make-handling-of-optional-credential-cache-more-.patch:
      better explain the login-ccache and -C parameters
    - d/p/tools-fix-typo-in-show-password-help-output.patch: typo fix
  * Other fixes:
    - d/p/discovery-fix.patch: do not continue processing on a closed
      connection
    - d/p/delete-do-not-exit-if-keytab-cannot-be-read.patch: fix computer
      deletion when keytab cannot be read
    - d/p/tools-disable-SSSD-s-locator-plugin.patch: ignore MIT's locator
      plugin to avoid conflicts if it returns a different DC than the one
      used for the LDAP connection

 -- Andreas Hasenack <email address hidden> Wed, 02 Sep 2020 09:50:18 -0300

Changed in adcli (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.