[Freeipa-devel] [PATCH] 593 fix group objectclasses on detach
Jakub Hrozek
jhrozek at redhat.com
Fri Nov 19 15:21:14 UTC 2010
On Thu, Nov 18, 2010 at 05:37:52PM -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> >Jakub Hrozek wrote:
> >>On Mon, Nov 01, 2010 at 12:08:36PM -0400, Rob Crittenden wrote:
> >>>Make sure a detached group has the default list of objectclasses.
> >>>ipaUniqueId is handled by the new uuid plugin.
> >>>
> >>>https://fedorahosted.org/freeipa/ticket/250
> >>>
> >>>rob
> >>
> >>I haven't fully tested the patch yet, but this caught my attention:
> >>
> >>>+ (group_dn, group_attrs) = ldap.get_entry(group_dn)
> >>>+ is_managed = self.obj.has_objectclass(group_attrs['objectclass'], '')
> >>
> >>I think that is_managed is guaranteed to be False in this case, since
> >>has_objectclass would do:
> >>
> >>return '' in group_attrs['objectclass']
> >
> >Gah! Good catch, that should be mepManagedBy. Can you fix this and
> >continue testing?
> >
> >rob
>
> I rebased this and fix this error (I rebased it with patches 604 and
> 607 on my tree in case that makes a difference).
>
> To test this do:
>
> # ipa user-add --first=Tim --last=User tuser
> # ipa group-show tuser --all
> [ note the objectclasses ]
> # ipa group-detach tuser
> # ipa group-show --all tuser
>
> It should now be a full POSIX group with a ipaUniqueId and a full
> set of objectclass. You should be able to add a user to it.
>
> # ipa group-add-member --users=tuser tuser
>
> rob
Ack (before applying and pushing please note that as Rob notes above,
this must be applied on top of his patches 604 and 607)
Jakub
More information about the Freeipa-devel
mailing list