[Freeipa-devel] [PATCH] Add group plugin port to new LDAP backend.
Pavel Zuna
pzuna at redhat.com
Tue May 19 08:29:33 UTC 2009
Jason Gerard DeRose wrote:
> On Wed, 2009-05-13 at 14:04 -0400, Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> Rob Crittenden wrote:
>>>>>> Pavel Zuna wrote:
>>>>>>> By the way, there's a little bug I discovered while testing this
>>>>>>> plugin. It affects the old group plugin as well. When trying to
>>>>>>> modify a group into a posixGroup, gidNumber doesn't get generated
>>>>>>> automatically resulting in an object violation LDAP error. Solution
>>>>>>> is to generate it ourselves, but I didn't know how it works, so I
>>>>>>> commented that part out for now. (/FIXME in vim)
>>>>>>>
>>>>>> This should be fixed in FDS 1.2. Can you update and give it a try?
>>>>>>
>>>>>> rob
>>>>> Sure, just updated and you're right, it works. :)
>>>>> Updated patch attached.
>>>>>
>>>>> Pavel
>>>> nack. This won't handle someone using group-mod to set a specific
>>>> gidnumber. The posixGroup objectclass won't be added.
>>>>
>>>> rob
>>> Fixed patch attached.
>>>
>>> Pavel
>> The basegroup2 part looks ok but nack on group2.
>
> So is there an update on this yet, Pavel? I was trying to review your
> 0001-Fix-counting..., 0002-Add-houstgroup..., and 0003-Add-netgroup...
> patches, but they depend on this patch here.
Attached, but camelCase is still there for now. I'm currently testing
the Encoder class with ldap2 and will post a patch soon that makes all
plugins2 use lowercase when referring to LDAP attributes.
>> I think we should stick with using lower-case attribute names as a rule
>> of thumb rather than camel case. In any case you test for the string
>> posixGroup is in the list of objectclasses, this test needs to be case
>> insensitive.
>>
>> I also wonder if we should be using ldap.get_entry(). Why use this over
>> group-show?
>>
>> I'm not sure if the logic around setting gidnumber is right. If you set
>> the gidnumber but aren't using the --posix flag it looks like it will
>> always append posixgroup to the list of objectclasses. I'm pretty sure
>> the LDAP server is going to reject the update. I suppose making a
>> list(set(objectclasses)) would work for de-duping.
>>
>> rob
>
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-group-plugin-port-to-new-LDAP-backend.patch
Type: application/mbox
Size: 23087 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090519/f21dc969/attachment.mbox>
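The review points quoted above (a case-insensitive test for posixGroup, adding the objectclass when group-mod sets a specific gidnumber, and de-duping the objectclass list) can be sketched as follows. This is an added example, not code from the attached patch or from FreeIPA; the function names, the dict-of-lists entry layout and the sample entries are assumptions made for illustration.

```python
# Hypothetical helpers; entries are modelled as plain dicts of attribute -> list of values.

def has_objectclass(objectclasses, name):
    """Case-insensitive membership test (LDAP compares objectClass names without case)."""
    return name.lower() in (oc.lower() for oc in objectclasses)


def dedupe_objectclasses(objectclasses):
    """Drop values that differ only by case, keeping the first spelling and the order.

    A plain list(set(...)) would keep both 'posixGroup' and 'posixgroup',
    so the comparison key is lowercased here.
    """
    seen = set()
    result = []
    for oc in objectclasses:
        key = oc.lower()
        if key not in seen:
            seen.add(key)
            result.append(oc)
    return result


def apply_group_mod(entry, gidnumber=None, posix=False):
    """Return updated attributes for a group-mod style change (sketch only)."""
    updated = {attr: list(values) for attr, values in entry.items()}
    ocs = updated.setdefault("objectclass", [])
    # Setting a gidnumber implies posixGroup even when --posix was not passed,
    # but the objectclass must be appended only if it is not already present.
    if (gidnumber is not None or posix) and not has_objectclass(ocs, "posixgroup"):
        ocs.append("posixgroup")
    if gidnumber is not None:
        updated["gidnumber"] = [str(gidnumber)]
    updated["objectclass"] = dedupe_objectclasses(ocs)
    return updated


# Constructed sample entries (not taken from a real directory).
PLAIN_GROUP = {"cn": ["editors"], "objectclass": ["top", "groupofnames"]}
POSIX_GROUP = {"cn": ["admins"], "objectclass": ["top", "groupofnames", "posixGroup"],
               "gidnumber": ["1000"]}
```
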