[Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG

Martin Kosek mkosek at redhat.com
Tue May 24 08:42:42 UTC 2011


On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote:
> >> Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> >>>> On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote:
> >>>>> Martin Kosek wrote:
> >>>>>> This patch is based on Pavel's old patch.
> >>>>>>
> >>>>>> I am considering applying the patch for master branch only as it changes
> >>>>>> an API (adds a new flag) and is a sort of new-functionality-ish.
> >>>>>>
> >>>>>> --
> >>>>>> Automatic creation of User Private Groups (UPG) may not be
> >>>>>> wanted at all times. This patch adds a new flag --noprivate to
> >>>>>> ipa user-add command to disable it.
> >>>>>>
> >>>>>> https://fedorahosted.org/freeipa/ticket/1131
> >>>>>
> >>>>> Nack, setattr and addattr are removed from API.txt. I'm guessing it's a
> >>>>> side-effect of some change here.
> >>>>>
> >>>>> The approach generally looks good.
> >>>>>
> >>>>> rob
> >>>>
> >>>> You are right, this was a side-effect in user.py. I fixed the problem,
> >>>> updated patch is attached.
> >>>>
> >>>> Martin
> >>>
> >>> This looks good, just a couple of requests:
> >>>
> >>> 1. Bump the minor API version since we are adding a new flag
> >>> 2. Add a self-test for not creating a private group
> >>>
> >>> rob
> >>
> >> Oh, and looking back at the user I create it still has the UPG magic in
> >> the description attribute.
> >>
> >> rob
> >
> > Thanks for careful review, I missed this bug in the original patch. UPG
> > magic has been removed from the description and a test checking all this
> > has been added.
> >
> > Martin
> 
> I'm getting this on output, not sure if it is a bug in my tree or not:
> 
> # ipa user-add --first=tim --last=user tuser3 --all --noprivate
> -------------------
> Added user "tuser3"
> -------------------
>    dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com
>    User login: tuser3
>    First name: tim
>    Last name: user
>    Full name: tim user
>    Display name: tim user
>    Initials: tu
>    Home directory: /home/tuser3
>    GECOS field: tim user
>    Login shell: /bin/sh
>    Kerberos principal: tuser3@GREYOAK.COM
>    UID: 204000006
>    GID: 204000001
> ipa: ERROR: IndexError: tuple index out of range
> Traceback (most recent call last):
>    File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1103, in run
>      sys.exit(api.Backend.cli.run(argv))
>    File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 930, in run
>      rv = cmd.output_for_cli(self.api.Backend.textui, result, *args, **options)
>    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 956, in output_for_cli
>      textui.print_entry(result, order, labels, flags, print_all)
>    File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 388, in print_entry
>      if type(entry[key]) in (tuple, list) and isinstance(entry[key][0], dict):
> IndexError: tuple index out of range
> ipa: ERROR: an internal error has occurred
> 
> Otherwise things look ok.
> 
> rob

Hmm, that's strange. Doesn't happen for me:

$ ipa user-add --first=tim --last=user tuser3 --all --noprivate
-------------------
Added user "tuser3"
-------------------
  dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
  User login: tuser3
  First name: tim
  Last name: user
  Full name: tim user
  Display name: tim user
  Initials: tu
  Home directory: /home/tuser3
  GECOS field: tim user
  Login shell: /bin/sh
  Kerberos principal: tuser3@IDM.LAB.BOS.REDHAT.COM
  UID: 557200036
  GID: 557200001
  ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff
  krbpwdpolicyreference: cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount,
               krbprincipalaux, krbticketpolicyaux, ipaobject


Can you please try again with a clean tree and only my patch applied?

I have one more question. Bumping minor API version makes the client
incompatible and it fails to operate. Is this OK? I thought it would be
incompatible only when a major version changes:

$ ipa user-add --first=tim --last=user tuser3 --all --noprivate
ipa: ERROR: 2.2 client incompatible with 2.1 server at u'https://vm-027.idm.lab.bos.redhat.com/ipa/xml'

Martin



