[Freeipa-devel] [PATCH] Make ldap2.convert_attr_synonyms more robust against schema lookup fails.
Pavel Zuna
pzuna at redhat.com
Fri Nov 20 12:35:33 UTC 2009
Rob Crittenden wrote:
> Pavel Zuna wrote:
>> Rob Crittenden wrote:
>>> Pavel Zuna wrote:
>>>> Rob Crittenden wrote:
>>>>> The user plugin is crapping out on line 317 of ldap2.py because
>>>>> attr is coming back None. The attribute it is looking for is member.
>>>>>
>>>>> I think the fix involves setting member_attributes = ['member'] to
>>>>> the user plugin.
>>>>>
>>>>> I wonder if we need to make the ldap2 plugin a bit more robust too
>>>>> so it can handle it better if the schema lookup returns None.
>>>>>
>>>>> rob
>>>> This should fix the issue.
>>>>
>>>
>>> Yes, this will fix it (I did a similar fix to work around it) but
>>> what does it mean if there is no attribute found? Is that possible?
>>>
>>> Should we catch it and return a more specific error message instead?
>>>
>>> rob
>>
>> If it doesn't find the attribute, PROBABLY nothing will happen...
>>
>> Fortunately, we don't have to worry about it anymore. I played with
>> python-ldap a bit today and it seems to have the convert_attr_synonyms
>> functionality built-in. :)
>>
>> Here's a replacement patch.
>>
>> Pavel
>
> nack. I don't see where python-ldap is replacing it. We weren't seeing
> it done before were we?
That's because we were doing it wrong.
We were requesting all attributes ('*') + ACIs ('aci'). After this patch we
explicitly request all attributes in the new entry (i.e. all attributes that are
going to be updated) and python-ldap will always return them named as they were
requested. In other words: If we request localityName as l, python-ldap will
return it as l, if we request it as localityName, python-ldap will return it as
localityName.
> Also, we need to request the 'aci' attribute for the aci plugin to work.
And we do so, because after this patch, we're requesting all attributes explicitly.
> rob
Pavel
More information about the Freeipa-devel
mailing list