[Freeipa-devel] [PATCH] 6 Sort password policy by priority

Ondrej Hamada ohamada at redhat.com
Fri Dec 2 13:25:30 UTC 2011 

On 11/29/2011 08:43 PM, Rob Crittenden wrote:
> Ondrej Hamada wrote:
>> On 11/29/2011 03:46 PM, Ondrej Hamada wrote:
>>> https://fedorahosted.org/freeipa/ticket/2045
>>>
>>> 'ipa pwpolicy-find' output is now sorted by priority of the policies.
>>> Lower position means lower priority. Global policy is then at the 
>>> bottom.
>>>
>>> The changes has also affected LDAPSearch class in baseldap.py:
>>> LDAPSearch class sorts the search results by primary key be default
>>> (which is usually 'cn'). Therefor a function pointer entries_sortfn
>>> was added. If no sorting function exists, default sorting by primary 
>>> key
>>> is used.
>>>
>>> Sorting function had to be introduced due to the fact that pwpolicy's
>>> primary
>>> key is also it's 'cn' and global policy is not allowed to have any
>>> priority.
>>>
>> forget to attach the patch, sorry :-[
>>
>
>
> Doesn't work with the lite-server due to changing a ReadOnly value. I 
> think you have the right idea you just need to assign the sorting 
> statically instead of dynamically (it won't change after finalization).
>
> $ ./ipa pwpolicy-add editors --minlife=2 --priority=9
>
> ipa: DEBUG: Created connection context.ldap2
> ipa: DEBUG: raw: pwpolicy_add(u'editors', krbminpwdlife=2, 
> cospriority=9, all=False, raw=False, version=u'2.15')
> ipa: DEBUG: pwpolicy_add(u'editors', krbminpwdlife=2, cospriority=9, 
> all=False, raw=False, version=u'2.15')
> ipa: DEBUG: raw: cosentry_add(u'editors', 
> krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com', 
> cospriority=9)
> ipa: DEBUG: cosentry_add(u'editors', 
> krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com', 
> cospriority=9, all=False, raw=False)
> ipa: DEBUG: raw: group_show(u'editors', all=True)
> ipa: DEBUG: group_show(u'editors', rights=False, all=True, raw=False)
> ipa: DEBUG: raw: cosentry_find(None, cospriority=9)
> ipa: DEBUG: cosentry_find(None, cospriority=9, all=False, raw=False, 
> pkey_only=False)
> ipa: ERROR: non-public: AttributeError: locked: cannot set 
> cosentry_find.entries_sortfn to <function <lambda> at 0x7f7abc33ec80>
> Traceback (most recent call last):
>   File "/home/rcrit/redhat/freeipa-review/ipaserver/rpcserver.py", 
> line 223, in wsgi_execute
>     result = self.Command[name](*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 438, in __call__
>     ret = self.run(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 756, in run
>     return self.execute(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
> line 700, in execute
>     ldap, dn, entry_attrs, attrs_list, *keys, **options
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
> line 346, in pre_callback
>     cospriority=options.get('cospriority')
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 438, in __call__
>     ret = self.run(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 756, in run
>     return self.execute(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
> line 700, in execute
>     ldap, dn, entry_attrs, attrs_list, *keys, **options
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
> line 127, in pre_callback
>     self.obj.check_priority_uniqueness(*keys, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
> line 101, in check_priority_uniqueness
>     cospriority=options['cospriority']
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 438, in __call__
>     ret = self.run(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
> 756, in run
>     return self.execute(*args, **options)
>   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
> line 1620, in execute
>     self.entries_sortfn=lambda x,y: 
> cmp(x[1][self.obj.primary_key.name][0].lower(), 
> y[1][self.obj.primary_key.name][0].lower())
>   File "/home/rcrit/redhat/freeipa-review/ipalib/base.py", line 131, 
> in __setattr__
>     SET_ERROR % (self.__class__.__name__, name, value)
> AttributeError: locked: cannot set cosentry_find.entries_sortfn to 
> <function <lambda> at 0x7f7abc33ec80>
> ipa: INFO: admin at GREYOAK.COM: pwpolicy_add(u'editors', 
> krbminpwdlife=2, cospriority=9, all=False, raw=False, 
> version=u'2.15'): AttributeError
> ipa: DEBUG: response: InternalError: an internal error has occurred
> ipa: DEBUG: Destroyed connection context.ldap2
>
corrected, patch attached

-- 
Regards,

Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-ohamada-6-2-Sort-password-policy-by-priority.patch
Type: text/x-patch
Size: 3391 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111202/61a351ac/attachment.bin>

More information about the Freeipa-devel mailing list