[Freeipa-devel] [PATCH] 734 Add handling for indirect memberof other entries.
Rob Crittenden
rcritten at redhat.com
Mon Feb 21 14:44:49 UTC 2011
Rob Crittenden wrote:
> Jakub Hrozek wrote:
>> On Sat, Feb 19, 2011 at 11:47:45PM -0500, Rob Crittenden wrote:
>>> This creates a new custom attribute, memberofindirect_[plugin].
>>> Using this you can tell the difference between being an actual
>>> memberof another entry and being a memberof as the result if
>>> inheritence. This is particularly useful when trying to remove
>>> members of an entry, you can only remove direct members.
>>>
>>> I had to add a couple of short sleep calls to make things work a
>>> little better. The memberof plugin runs as a postop and we have no
>>> way of knowing when it has done its work. If we don't pause we may
>>> show some stale data that memberof hasn't updated yet. .3 seconds is
>>> an arbitrary choice.
>>>
>>
>> I don't know the DS plugin architecture good enough but there's no
>> callback or anything we can hook to? If the machine swaps or something,
>> we might get incorrect data with the sleep anyway..
>>
>>> The ticket has an excellent test case for this. Similar tests can be
>>> done for users/groups and hosts/hostgroups.
>>>
>>> ticket 966
>>>
>>> rob
>>>
>>
>> The testcase is failing for me:
>> test_group[13]: hostgroup_add: Create u'testhostgroup1' ... FAIL
>> test_group[14]: hostgroup_add: Create u'testhostgroup2' ... FAIL
>>
>> It seems that the objectlasses should be updated:
>> expected = [u'ipaobject', u'ipahostgroup', u'nestedGroup',
>> u'groupOfNames', u'top']
>> got = [u'ipaobject', u'ipahostgroup', u'nestedGroup', u'groupOfNames',
>> u'top', u'mepOriginEntry']
>
> Oh, that's because we create the netgroup now. Strange that I didn't see
> that, I just redid my base install on Thursday. I'll update that and
> give it another go.
>
> rob
Updated patch
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-734-2-indirect.patch
Type: application/mbox
Size: 18995 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110221/6fa8dfae/attachment.mbox>
More information about the Freeipa-devel
mailing list