[Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Rob Crittenden
rcritten at redhat.com
Tue Nov 17 20:56:34 UTC 2009
Pavel Zuna wrote:
> Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> And here's the actual patch. :)
>>>
>>> Pavel Zuna wrote:
>>>> This should fix the issue:
>>>>
>>>> Rob Crittenden wrote:
>>>>> Michael Gregg wrote:
>>>>>>
>>>>>> Rob, did the support for posix groups change?
>>>>>>
>>>>>> If I create a group specifying "--posix" the cli does create the
>>>>>> group.
>>>>>> Then, using ipa group-find, I do not see any way to determine if
>>>>>> that group is a posixgroup or not.
>>>>>> group-find -all used to reveal a PosixGroup field.
>>>>>>
>>>>>> How do I determine if a group is a posix group or not?
>>>>>>
>>>>>> Michael-
>>>>>
>>>>> Ok, I suppose I could have looked at this before firing off an
>>>>> e-mail :-)
>>>>>
>>>>> I do see the group number when showing a group:
>>>>>
>>>>> $ ./ipa group-show g9
>>>>> -----------
>>>>> group-show:
>>>>> -----------
>>>>> Group: g9
>>>>> name: g9
>>>>> description: test posix group
>>>>> group id: 1117
>>>>>
>>>>> But when adding it this doesn't appear. Oddly enough we show the
>>>>> ipquniqueid when adding a group but not when showing it!
>>>>>
>>>>> Pavel, do you have time to investigate this inconsistency?
>>>>>
>>>>> rob
>>>>
>>>> Pavel
>>>>
>>
>> I'm not sure how this addresses the issue that when adding a group
>> different values are returned than when you show one.
> When an entry is created, we show the default attributes and all
> attributes that were created explicitly. Before this patch, it was just
> all attributes, that were created explicitly, so for example gid didn't
> show up on groups, because it was created by the DNA plugin.
>
> When showing an entry, we return the default attributes.
>
> Should I change LDAPCreate to only return default attributes?
No. I understand the problem now. I think in earlier versions we were
actually doing a lookup of the entry after creation and returning that.
This would resolve the problem.
>> This also causes a whole ton of tests to fail. I think in baseldap.oy
>> instead of:
>>
>> if options['all']:
>>
>> You want:
>>
>> if options.get('all', False):
> Some of the tests were failing before this patch. I submitted a fix for
> most of them.
>
> if options['all'] is fine, because --all is a Flag parameters and is
> required.
The service plugin overrides takes_options() in some cases, hence no
'all. Probably something to fix but we still should handle this case
(all not in options).
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091117/af74593e/attachment.bin>
More information about the Freeipa-devel
mailing list