[Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes

[Pavel Zuna]

On 04/27/2010 09:49 PM, Rob Crittenden wrote:
> Pavel Zůna wrote:
>> Don't mind the numbering. This is a completely independent patch.
>>
>> It adds a new pwpolicy plugin based on baseldap.py classes. It has the
>> same functionality as the current pwpolicy plugin, but a more clean
>> and consistent interface, fine grained search capabilities, etc.
>>
>> This is actually an updated version of a patch I released some time
>> ago, but it never got fully reviewed.
>>
>> Pavel
>
> The original pwpolicy module took group policy via the --group option,
> yours takes group as the first argument (if any). My thought on this was
> that at some point someone would want per-user password policy so we
> could add a --user option. If this isn't forseen as needed then using
> the first argument for group is probably easier to grok.
>
> Had a failure:
> $ ./ipa pwpolicy2-mod g1 --priority=2
> ipa: ERROR: an internal error has occurred
>
> File "/home/rcrit/redhat/freeipa-ca/ipalib/plugins/pwpolicy2.py", line
> 99, in pre_callback
> del entry_attrs['cn']
> KeyError: 'cn'
>
> rob
Fixed.

I also noticed another minor bug. When only priority is modified by 
pwpolicy2-mod, the EmptyModlist exception is raised. This is because priority is 
stored in a different entry that is managed by cosentry_* commands and there's 
nothing left to be changed for the policy entry. The command does it's job, but 
reports an error and there is no way to catch it without ugly hacks. I'm going 
to implement a new callback type for baseldap.py classes for the purpose of 
error handling/exception catching.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pzuna-freeipa-0003-pwpolicy2.patch
Type: application/mbox
Size: 18949 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100504/5412071b/attachment.mbox>