[Freeipa-devel] [PATCH] 734 Add handling for indirect memberof other entries.

Rob Crittenden rcritten at redhat.com
Mon Feb 21 16:22:11 UTC 2011 

Jakub Hrozek wrote:
> On Mon, Feb 21, 2011 at 09:44:49AM -0500, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Jakub Hrozek wrote:
>>>> On Sat, Feb 19, 2011 at 11:47:45PM -0500, Rob Crittenden wrote:
>>>>> This creates a new custom attribute, memberofindirect_[plugin].
>>>>> Using this you can tell the difference between being an actual
>>>>> memberof another entry and being a memberof as the result if
>>>>> inheritence. This is particularly useful when trying to remove
>>>>> members of an entry, you can only remove direct members.
>>>>>
>>>>> I had to add a couple of short sleep calls to make things work a
>>>>> little better. The memberof plugin runs as a postop and we have no
>>>>> way of knowing when it has done its work. If we don't pause we may
>>>>> show some stale data that memberof hasn't updated yet. .3 seconds is
>>>>> an arbitrary choice.
>>>>>
>>>>
>>>> I don't know the DS plugin architecture good enough but there's no
>>>> callback or anything we can hook to? If the machine swaps or something,
>>>> we might get incorrect data with the sleep anyway..
>>>>
>>>>> The ticket has an excellent test case for this. Similar tests can be
>>>>> done for users/groups and hosts/hostgroups.
>>>>>
>>>>> ticket 966
>>>>>
>>>>> rob
>>>>>
>>>>
>>>> The testcase is failing for me:
>>>> test_group[13]: hostgroup_add: Create u'testhostgroup1' ... FAIL
>>>> test_group[14]: hostgroup_add: Create u'testhostgroup2' ... FAIL
>>>>
>>>> It seems that the objectlasses should be updated:
>>>> expected = [u'ipaobject', u'ipahostgroup', u'nestedGroup',
>>>> u'groupOfNames', u'top']
>>>> got = [u'ipaobject', u'ipahostgroup', u'nestedGroup', u'groupOfNames',
>>>> u'top', u'mepOriginEntry']
>>>
>>> Oh, that's because we create the netgroup now. Strange that I didn't see
>>> that, I just redid my base install on Thursday. I'll update that and
>>> give it another go.
>>>
>>> rob
>>
>> Updated patch
>>
>> rob
>
> Strangely enough, I had to do a slight modification to make the test
> pass:
>
>   hostgroup = [
> -    u'mepOriginEntry',
>       u'ipaobject',
>       u'ipahostgroup',
>       u'nestedGroup',
>       u'groupOfNames',
>       u'top',
> +    u'mepOriginEntry',
>   ]
>
> I thought that the comparison wouldn't take order into account..

The list checking does currently assume the same order.

>
> Other than that, ack

Ok, re-ordered and pushed.

rob

More information about the Freeipa-devel mailing list