[Freeipa-devel] [PATCH] 734 Add handling for indirect memberof other entries.
Rob Crittenden
rcritten at redhat.com
Mon Feb 21 13:53:40 UTC 2011
Jakub Hrozek wrote:
> On Sat, Feb 19, 2011 at 11:47:45PM -0500, Rob Crittenden wrote:
>> This creates a new custom attribute, memberofindirect_[plugin].
>> Using this you can tell the difference between being an actual
>> memberof another entry and being a memberof as the result if
>> inheritence. This is particularly useful when trying to remove
>> members of an entry, you can only remove direct members.
>>
>> I had to add a couple of short sleep calls to make things work a
>> little better. The memberof plugin runs as a postop and we have no
>> way of knowing when it has done its work. If we don't pause we may
>> show some stale data that memberof hasn't updated yet. .3 seconds is
>> an arbitrary choice.
>>
>
> I don't know the DS plugin architecture good enough but there's no
> callback or anything we can hook to? If the machine swaps or something,
> we might get incorrect data with the sleep anyway..
>
>> The ticket has an excellent test case for this. Similar tests can be
>> done for users/groups and hosts/hostgroups.
>>
>> ticket 966
>>
>> rob
>>
>
> The testcase is failing for me:
> test_group[13]: hostgroup_add: Create u'testhostgroup1' ... FAIL
> test_group[14]: hostgroup_add: Create u'testhostgroup2' ... FAIL
>
> It seems that the objectlasses should be updated:
> expected = [u'ipaobject', u'ipahostgroup', u'nestedGroup', u'groupOfNames', u'top']
> got = [u'ipaobject', u'ipahostgroup', u'nestedGroup', u'groupOfNames', u'top', u'mepOriginEntry']
Oh, that's because we create the netgroup now. Strange that I didn't see
that, I just redid my base install on Thursday. I'll update that and
give it another go.
rob
More information about the Freeipa-devel
mailing list