[Freeipa-devel] [PATCH] Add group plugin port to new LDAP backend.
Jason Gerard DeRose
jderose at redhat.com
Wed May 20 22:52:37 UTC 2009

ack. pushed to master.

On Tue, 2009-05-19 at 10:29 +0200, Pavel Zuna wrote:
> Jason Gerard DeRose wrote:
> > On Wed, 2009-05-13 at 14:04 -0400, Rob Crittenden wrote:
> >> Pavel Zuna wrote:
> >>> Rob Crittenden wrote:
> >>>> Pavel Zuna wrote:
> >>>>> Rob Crittenden wrote:
> >>>>>> Pavel Zuna wrote:
> >>>>>>> By the way, there's a little bug I discovered while testing this
> >>>>>>> plugin. It affects the old group plugin as well. When trying to
> >>>>>>> modify a group into a posixGroup, gidNumber doesn't get generated
> >>>>>>> automatically resulting in an object violation LDAP error. Solution
> >>>>>>> is to generate it ourselves, but I didn't know how it works, so I
> >>>>>>> commented that part out for now. (/FIXME in vim)
> >>>>>>>
> >>>>>> This should be fixed in FDS 1.2. Can you update and give it a try?
> >>>>>>
> >>>>>> rob
> >>>>> Sure, just updated and you're right, it works. :)
> >>>>> Updated patch attached.
> >>>>>
> >>>>> Pavel
> >>>> nack. This won't handle someone using group-mod to set a specific
> >>>> gidnumber. The posixGroup objectclass won't be added.
> >>>>
> >>>> rob
> >>> Fixed patch attached.
> >>>
> >>> Pavel
> >> The basegroup2 part looks ok but nack on group2.
> >
> > So is there an update on this yet, Pavel? I was trying to review your
> > 0001-Fix-counting..., 0002-Add-houstgroup..., and 0003-Add-netgroup...
> > patches, but they depend on this patch here.
>
> Attached, but camelCase is still there for now. I'm currently testing
> the Encoder class with ldap2 and will post a patch soon that makes all
> plugins2 use lowercase when referring to LDAP attributes.
>
> >> I think we should stick with using lower-case attribute names as a rule
> >> of thumb rather than camel case. In any case, where you test whether the
> >> string posixGroup is in the list of objectclasses, this test needs to be
> >> case insensitive.
> >>
> >> I also wonder if we should be using ldap.get_entry(). Why use this over
> >> group-show?
> >>
> >> I'm not sure if the logic around setting gidnumber is right. If you set
> >> the gidnumber but aren't using the --posix flag it looks like it will
> >> always append posixgroup to the list of objectclasses. I'm pretty sure
> >> the LDAP server is going to reject the update. I suppose making a
> >> list(set(objectclasses)) would work for de-duping.
> >>
> >> rob
> >
> Pavel
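
The objectclass handling discussed in the thread above, as an added example that is not part of the original message or of the FreeIPA patch: posixgroup is added when the POSIX flag or a gidnumber is given, the membership test ignores case, and de-duping ignores case too, since a plain list(set(...)) keeps both spellings. The function names and sample values are hypothetical.

```python
# Added illustration; function names and sample values are hypothetical,
# not taken from the FreeIPA patch under review.

def dedupe_ci(values):
    """Drop case-insensitive duplicates, keeping first spelling and order."""
    seen = set()
    out = []
    for v in values:
        key = v.lower()
        if key not in seen:
            seen.add(key)
            out.append(v)
    return out


def has_objectclass(objectclasses, name):
    """Case-insensitive membership test for an objectclass value."""
    wanted = name.lower()
    return any(oc.lower() == wanted for oc in objectclasses)


def plan_objectclasses(current, posix=False, gidnumber=None):
    """Return the objectclass list to send for a group modification.

    posixgroup is added only when the caller asks for a POSIX group or
    sets a gidnumber, and only when no spelling of it is already present.
    """
    result = dedupe_ci(current)
    wants_posix = posix or gidnumber is not None
    if wants_posix and not has_objectclass(result, "posixgroup"):
        result.append("posixgroup")
    return result


if __name__ == "__main__":
    # Constructed sample entry: the stored value uses the camelCase spelling.
    existing = ["top", "groupOfNames", "posixGroup"]
    print(plan_objectclasses(existing, gidnumber=1234))
    # Case-sensitive de-duping keeps both spellings of the same class:
    print(sorted(set(existing + ["posixgroup"])))
```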