[Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG

Rob Crittenden rcritten at redhat.com
Tue May 24 16:09:49 UTC 2011 

Rob Crittenden wrote:
> Martin Kosek wrote:
>> On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote:
>>>>> Rob Crittenden wrote:
>>>>>> Martin Kosek wrote:
>>>>>>> On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote:
>>>>>>>> Martin Kosek wrote:
>>>>>>>>> This patch is based on old Pavel's patch.
>>>>>>>>>
>>>>>>>>> I am considering applying the patch for master branch only as it
>>>>>>>>> changes
>>>>>>>>> an API (adds a new flag) and is a sort of new-functionality-ish.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Automatic creation may of User Private Groups (UPG) may not be
>>>>>>>>> wanted at all times. This patch adds a new flag --noprivate to
>>>>>>>>> ipa user-add command to disable it.
>>>>>>>>>
>>>>>>>>> https://fedorahosted.org/freeipa/ticket/1131
>>>>>>>>
>>>>>>>> Nack, setattr and addattr are removed from API.txt. I'm guessing
>>>>>>>> it's a
>>>>>>>> side-effect of some change here.
>>>>>>>>
>>>>>>>> The approach generally looks good.
>>>>>>>>
>>>>>>>> rob
>>>>>>>
>>>>>>> You are right, this was a side-effect in user.py. I fixed the
>>>>>>> problem,
>>>>>>> updated patch is attached.
>>>>>>>
>>>>>>> Martin
>>>>>>
>>>>>> This looks good, just a couple of requests:
>>>>>>
>>>>>> 1. Bump the minor API version since we are adding a new flag
>>>>>> 2. Add a self-test for not creating a private group
>>>>>>
>>>>>> rob
>>>>>
>>>>> Oh, and looking back at the user I create it still has the UPG
>>>>> magic in
>>>>> the description attribute.
>>>>>
>>>>> rob
>>>>
>>>> Thanks for careful review, I missed this bug in the original patch. UPG
>>>> magic has been removed from the description and a test checking all
>>>> this
>>>> has been added.
>>>>
>>>> Martin
>>>
>>> I'm getting this on output, not sure if it is a bug in my tree or not:
>>>
>>> # ipa user-add --first=tim --last=user tuser3 --all --noprivate
>>> -------------------
>>> Added user "tuser3"
>>> -------------------
>>> dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com
>>> User login: tuser3
>>> First name: tim
>>> Last name: user
>>> Full name: tim user
>>> Display name: tim user
>>> Initials: tu
>>> Home directory: /home/tuser3
>>> GECOS field: tim user
>>> Login shell: /bin/sh
>>> Kerberos principal: tuser3 at GREYOAK.COM
>>> UID: 204000006
>>> GID: 204000001
>>> ipa: ERROR: IndexError: tuple index out of range
>>> Traceback (most recent call last):
>>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1103, in run
>>> sys.exit(api.Backend.cli.run(argv))
>>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 930, in run
>>> rv = cmd.output_for_cli(self.api.Backend.textui, result, *args,
>>> **options)
>>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 956,
>>> in output_for_cli
>>> textui.print_entry(result, order, labels, flags, print_all)
>>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 388, in
>>> print_entry
>>> if type(entry[key]) in (tuple, list) and isinstance(entry[key][0],
>>> dict):
>>> IndexError: tuple index out of range
>>> ipa: ERROR: an internal error has occurred
>>>
>>> Otherwise things look ok.
>>>
>>> rob
>>
>> Hmm, that's strange. Doesn't happen for me:
>>
>> $ ipa user-add --first=tim --last=user tuser3 --all --noprivate
>> -------------------
>> Added user "tuser3"
>> -------------------
>> dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
>> User login: tuser3
>> First name: tim
>> Last name: user
>> Full name: tim user
>> Display name: tim user
>> Initials: tu
>> Home directory: /home/tuser3
>> GECOS field: tim user
>> Login shell: /bin/sh
>> Kerberos principal: tuser3 at IDM.LAB.BOS.REDHAT.COM
>> UID: 557200036
>> GID: 557200001
>> ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff
>> krbpwdpolicyreference:
>> cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
>>
>> objectclass: top, person, organizationalperson, inetorgperson,
>> inetuser, posixaccount,
>> krbprincipalaux, krbticketpolicyaux, ipaobject
>>
>>
>> Can you please try again with a clean tree and only my patch applied?
>
> Sure, I'll give it a fresh look this morning.

Tried with a fresh tree, looks good.

ack

rob

More information about the Freeipa-devel mailing list