[Freeipa-devel] [PATCH] 404 ensure priority is unique
Pavel Zuna
pzuna at redhat.com
Tue Mar 23 14:34:03 UTC 2010
Rob Crittenden wrote:
> Pavel Zůna wrote:
>> Rob Crittenden wrote:
>>> Pavel Zuna wrote:
>>>> Jason Gerard DeRose wrote:
>>>>> On Fri, 2010-03-12 at 18:01 -0500, Rob Crittenden wrote:
>>>>>> Ensure that the group policy priority is unique.
>>>>>>
>>>>>> We use CoS to determine the order in which group policy is
>>>>>> applied. The behavior in CoS is undefined for multiple entries
>>>>>> with the same cospriority.
>>>>>>
>>>>>> This likely relies on some other outstanding pwpolicy patches.
>>>>>>
>>>>>> rob
>>>>>
>>>>> ack. pushed to master.
>>>>>
>>>> The patch works, but I find the way it checks for priority
>>>> uniqueness highly ineffective. It pulls out all policies and then
>>>> retrieves their CoS entries one by one to do the checking. Instead
>>>> it should just make a search for a CoS entry with the given priority.
>>>>
>>>> Pavel
>>>
>>> Well, we may need to store the group policy entries in a subtree
>>> then. All CoS policies are currently dumped into the same place
>>> making this impossible.
>> Not necessarily. It's just a matter of tweaking the search filter. We
>> can search only for CoS entries that have the krbContainer object
>> class and their krbPwdReference attribute contains a group DN.
>
> Oh right, duh. Yeah, it is even simpler than that as we don't need to
> look at group DNs because only group policy is stored this way.
>
> New patch attached.
>
> rob
The patch looks fine, but doesn't apply since the original patch was pushed.
Pavel
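
Added example, not part of the thread or of the FreeIPA patch: the two ways of checking priority uniqueness discussed above, run against an in-memory stand-in for the directory that counts operations. The entries, DNs, FakeDirectory class and the own_dn parameter are constructed for illustration; only the krbContainer object class and the cospriority attribute come from the thread.

```python
import re

# Constructed sample entries in one flat container (placeholder DNs and values).
SAMPLE = {
    "cn=admins,cn=cos,dc=example,dc=com": {"objectClass": ["krbContainer"], "cospriority": ["10"]},
    "cn=editors,cn=cos,dc=example,dc=com": {"objectClass": ["krbContainer"], "cospriority": ["20"]},
    "cn=interns,cn=cos,dc=example,dc=com": {"objectClass": ["krbContainer"], "cospriority": ["30"]},
    # An unrelated CoS entry sharing the container; the objectClass term excludes it.
    "cn=other,cn=cos,dc=example,dc=com": {"objectClass": ["cosTemplate"], "cospriority": ["10"]},
}

def priority_filter(priority):
    """Build the single-search filter. int() rejects any input carrying filter syntax."""
    return "(&(objectClass=krbContainer)(cospriority=%d))" % int(priority)

class FakeDirectory:
    """Hypothetical stand-in for an LDAP server; counts every operation issued."""
    def __init__(self, entries):
        self.entries = entries
        self.operations = 0

    def search(self, ldap_filter):
        self.operations += 1
        # Handles only AND-of-equality filters, which is all this example needs.
        terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
        return [dn for dn, attrs in self.entries.items()
                if all(value in attrs.get(attr, []) for attr, value in terms)]

    def get(self, dn):
        self.operations += 1
        return self.entries[dn]

def conflicts_by_iteration(directory, priority):
    """List every policy, then read each entry: one search plus one read per policy."""
    wanted = str(int(priority))
    policies = directory.search("(objectClass=krbContainer)")
    return [dn for dn in policies if wanted in directory.get(dn).get("cospriority", [])]

def conflicts_by_search(directory, priority, own_dn=None):
    """One filtered search. own_dn (hypothetical) lets a modify ignore its own entry."""
    return [dn for dn in directory.search(priority_filter(priority)) if dn != own_dn]

if __name__ == "__main__":
    for check in (conflicts_by_iteration, conflicts_by_search):
        directory = FakeDirectory(SAMPLE)
        print(check.__name__, check(directory, 10), "operations:", directory.operations)
```
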