[Freeipa-devel] [PATCH] Make ldap2.convert_attr_synonyms more robust against schema lookup fails.

Rob Crittenden rcritten at redhat.com
Fri Nov 20 14:32:18 UTC 2009


Pavel Zuna wrote:
> Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> Rob Crittenden wrote:
>>>>>> The user plugin is crapping out on line 317 of ldap2.py because 
>>>>>> attr is coming back None. The attribute it is looking for is member.
>>>>>>
>>>>>> I think the fix involves setting member_attributes = ['member'] to 
>>>>>> the user plugin.
>>>>>>
>>>>>> I wonder if we need to make the ldap2 plugin a bit more robust too 
>>>>>> so it can handle it better if the schema lookup returns None.
>>>>>>
>>>>>> rob
>>>>> This should fix the issue.
>>>>>
>>>>
>>>> Yes, this will fix it (I did a similar fix to work around it) but 
>>>> what does it mean if there is no attribute found? Is that possible?
>>>>
>>>> Should we catch it and return a more specific error message instead?
>>>>
>>>> rob
>>>
>>> If it doesn't find the attribute, PROBABLY nothing will happen...
>>>
>>> Fortunately, we don't have to worry about it anymore. I played with 
>>> python-ldap a bit today and it seems to have the 
>>> convert_attr_synonyms functionality built-in. :)
>>>
>>> Here's a replacement patch.
>>>
>>> Pavel
>>
>> nack. I don't see where python-ldap is replacing it. We weren't seeing 
>> it done before, were we?
> That's because we were doing it wrong.
> 
> We were requesting all attributes ('*') + ACIs ('aci'). After this patch 
> we explicitly request all attributes in the new entry (i.e. all 
> attributes that are going to be updated) and python-ldap will always 
> return them named as they were requested. In other words: If we request 
> localityName as l, python-ldap will return it as l, if we request it as 
> localityName, python-ldap will return it as localityName.
> 
>> Also, we need to request the 'aci' attribute for the aci plugin to work.
> And we do so, because after this patch, we're requesting all attributes 
> explicitly.
>

Well, no, you're requesting all attributes in the current entry. The 
code looked like this once before and caused the aci plugin to break. I 
guess some other change fixed that; things are working as expected.

ack

rob
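
The failure discussed in this thread, a schema lookup that returns None for an attribute name, sketched as an added example; it is not FreeIPA's or python-ldap's code. The `SCHEMA` table, `lookup_names` and `normalize_attr_names` are hypothetical stand-ins, and the sample entry in `demo` is constructed.

```python
# Constructed stand-in for the directory schema: each tuple lists every name
# (synonym) of one attribute type. Not FreeIPA's or python-ldap's structures.
SCHEMA = [
    ("l", "localityName"),
    ("cn", "commonName"),
    ("member",),
    ("aci",),
]


def lookup_names(attr):
    """Return the tuple of names for attr, or None when the schema has no match."""
    wanted = attr.lower()
    for names in SCHEMA:
        if wanted in (n.lower() for n in names):
            return names
    return None


def normalize_attr_names(entry_attrs, preferred):
    """Rename keys of entry_attrs to the spelling used in `preferred`.

    Attributes the schema does not know are kept unchanged and reported,
    instead of failing when the lookup result is None.
    """
    preferred_lower = {p.lower(): p for p in preferred}
    converted, unknown = {}, []
    for attr, values in entry_attrs.items():
        names = lookup_names(attr)
        if names is None:
            # The case from the thread: no schema match. Keep the key as-is.
            unknown.append(attr)
            converted[attr] = values
            continue
        # Pick the synonym the caller used; fall back to the returned spelling.
        target = next((preferred_lower[n.lower()] for n in names
                       if n.lower() in preferred_lower), attr)
        converted[target] = values
    return converted, unknown


def demo():
    # Constructed entry: one synonym mismatch and one attribute missing from SCHEMA.
    entry = {"localityName": ["Brno"], "cn": ["test"], "customAttr": ["x"]}
    return normalize_attr_names(entry, ["l", "cn"])
```

Returning the unknown names alongside the converted entry lets the caller decide whether a missing schema entry should be logged or raised as a specific error.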