[Freeipa-devel] [PATCH] 404 ensure priority is unique

Rob Crittenden rcritten at redhat.com
Tue Mar 23 18:04:31 UTC 2010


Pavel Zuna wrote:
> Rob Crittenden wrote:
>> Pavel Zůna wrote:
>>> Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> Jason Gerard DeRose wrote:
>>>>>> On Fri, 2010-03-12 at 18:01 -0500, Rob Crittenden wrote:
>>>>>>> Ensure that the group policy priority is unique.
>>>>>>>
>>>>>>> We use CoS to determine the order in which group policy is
>>>>>>> applied. The behavior in CoS is undefined for multiple entries
>>>>>>> with the same cospriority.
>>>>>>>
>>>>>>> This likely relies on some other outstanding pwpolicy patches.
>>>>>>>
>>>>>>> rob
>>>>>>
>>>>>> ack.  pushed to master.
>>>>>>
>>>>> The patch works, but I find the way it checks for priority 
>>>>> uniqueness highly ineffective. It pulls out all policies and then 
>>>>> retrieves their CoS entries one by one to do the checking. Instead 
>>>>> it should just make a search for a CoS entry with the given priority.
>>>>>
>>>>> Pavel
>>>>
>>>> Well, we may need to store the group policy entries in a subtree 
>>>> then. All CoS policies are currently dumped into the same place 
>>>> making this impossible.
>>> Not necessarily. It's just a matter of tweaking the search filter. We 
>>> can search only for CoS entries that have the krbContainer object 
>>> class and whose krbPwdReference attribute contains a group DN.
>>
>> Oh right, duh. Yeah, it is even simpler than that as we don't need to 
>> look at group DNs because only group policy is stored this way.
>>
>> New patch attached.
>>
>> rob
> The patch looks fine, but doesn't apply since the original patch was 
> pushed.
> 
> Pavel
> 

Ok, I just pushed out the diff in unique_priority then.

rob



