[Freeipa-devel] [PATCH] Add group plugin port to new LDAP backend.

Pavel Zuna pzuna at redhat.com
Tue May 19 08:29:33 UTC 2009


Jason Gerard DeRose wrote:
> On Wed, 2009-05-13 at 14:04 -0400, Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> Rob Crittenden wrote:
>>>>>> Pavel Zuna wrote:
>>>>>>> By the way, there's a little bug I discovered while testing this 
>>>>>>> plugin. It affects the old group plugin as well. When trying to 
>>>>>>> modify a group into a posixGroup, gidNumber doesn't get generated 
>>>>>>> automatically resulting in an object violation LDAP error. Solution 
>>>>>>> is to generate it ourselves, but I didn't know how it works, so I 
>>>>>>> commented that part out for now. (/FIXME in vim)
>>>>>>>
>>>>>> This should be fixed in FDS 1.2. Can you update and give it a try?
>>>>>>
>>>>>> rob
>>>>> Sure, just updated and you're right, it works.  :)
>>>>> Updated patch attached.
>>>>>
>>>>> Pavel
>>>> nack. This won't handle someone using group-mod to set a specific 
>>>> gidnumber. The posixGroup objectclass won't be added.
>>>>
>>>> rob
>>> Fixed patch attached.
>>>
>>> Pavel
>> The basegroup2 part looks ok but nack on group2.
> 
> So is there an update on this yet, Pavel?  I was trying to review your
> 0001-Fix-counting..., 0002-Add-houstgroup..., and 0003-Add-netgroup...
> patches, but they depend on this patch here.

Attached, but camelCase is still there for now. I'm currently testing 
the Encoder class with ldap2 and will post a patch soon that makes all 
plugins2 use lowercase when referring to LDAP attributes.

>> I think we should stick with using lower-case attribute names as a rule 
>> of thumb rather than camel case. In any case, where you test whether the 
>> string posixGroup is in the list of objectclasses, this test needs to be 
>> case insensitive.
>>
>> I also wonder if we should be using ldap.get_entry(). Why use this over 
>> group-show?
>>
>> I'm not sure if the logic around setting gidnumber is right. If you set 
>> the gidnumber but aren't using the --posix flag it looks like it will 
>> always append posixgroup to the list of objectclasses. I'm pretty sure 
>> the LDAP server is going to reject the update. I suppose making a 
>> list(set(objectclasses)) would work for de-duping.
>>
>> rob
> 
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-group-plugin-port-to-new-LDAP-backend.patch
Type: application/mbox
Size: 23087 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090519/f21dc969/attachment.mbox>
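
The review points quoted above (a case-insensitive test for posixGroup, and de-duping the objectclass list) can be illustrated as follows. This is an added example, not code from the attached patch or from FreeIPA; the helper names and the sample entries are hypothetical, and it assumes that setting a gidnumber should imply the posixgroup objectclass, as the thread suggests.

```python
# Added illustration; helper names are hypothetical, not FreeIPA's API.

def has_objectclass(objectclasses, name):
    """Case-insensitive membership test (LDAP object class names ignore case)."""
    wanted = name.lower()
    return any(oc.lower() == wanted for oc in objectclasses)


def dedupe_objectclasses(objectclasses):
    """Drop duplicates that differ only in letter case.

    Keeps the first spelling seen and the original order. A plain
    list(set(...)) would keep both 'posixGroup' and 'posixgroup'.
    """
    seen = set()
    result = []
    for oc in objectclasses:
        key = oc.lower()
        if key not in seen:
            seen.add(key)
            result.append(oc)
    return result


def plan_group_mod(entry_objectclasses, posix=False, gidnumber=None):
    """Return the objectclass list to write back for a group modification.

    Assumption: posixgroup is needed when --posix is requested or when a
    specific gidnumber is supplied, and must not be appended a second
    time if the entry already carries it in any letter case.
    """
    objectclasses = dedupe_objectclasses(entry_objectclasses)
    needs_posix = posix or gidnumber is not None
    if needs_posix and not has_objectclass(objectclasses, "posixgroup"):
        objectclasses.append("posixgroup")
    return objectclasses


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real directory.
    already_posix = ["top", "groupofnames", "posixGroup"]
    plain_group = ["top", "groupofnames"]
    print(plan_group_mod(already_posix, gidnumber=1234))
    print(plan_group_mod(plain_group, posix=True))
    print(sorted(set(["posixGroup", "posixgroup"])))  # both spellings survive
```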

