[Freeipa-devel] [PATCH] 067 A new flag to disable creation of UPG

Martin Kosek mkosek at redhat.com
Wed May 25 06:41:38 UTC 2011 

On Tue, 2011-05-24 at 12:09 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Martin Kosek wrote:
> >> On Mon, 2011-05-23 at 17:32 -0400, Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> >>>> On Fri, 2011-05-20 at 10:58 -0400, Rob Crittenden wrote:
> >>>>> Rob Crittenden wrote:
> >>>>>> Martin Kosek wrote:
> >>>>>>> On Mon, 2011-05-16 at 22:12 -0400, Rob Crittenden wrote:
> >>>>>>>> Martin Kosek wrote:
> >>>>>>>>> This patch is based on old Pavel's patch.
> >>>>>>>>>
> >>>>>>>>> I am considering applying the patch for master branch only as it
> >>>>>>>>> changes
> >>>>>>>>> an API (adds a new flag) and is a sort of new-functionality-ish.
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Automatic creation may of User Private Groups (UPG) may not be
> >>>>>>>>> wanted at all times. This patch adds a new flag --noprivate to
> >>>>>>>>> ipa user-add command to disable it.
> >>>>>>>>>
> >>>>>>>>> https://fedorahosted.org/freeipa/ticket/1131
> >>>>>>>>
> >>>>>>>> Nack, setattr and addattr are removed from API.txt. I'm guessing
> >>>>>>>> it's a
> >>>>>>>> side-effect of some change here.
> >>>>>>>>
> >>>>>>>> The approach generally looks good.
> >>>>>>>>
> >>>>>>>> rob
> >>>>>>>
> >>>>>>> You are right, this was a side-effect in user.py. I fixed the
> >>>>>>> problem,
> >>>>>>> updated patch is attached.
> >>>>>>>
> >>>>>>> Martin
> >>>>>>
> >>>>>> This looks good, just a couple of requests:
> >>>>>>
> >>>>>> 1. Bump the minor API version since we are adding a new flag
> >>>>>> 2. Add a self-test for not creating a private group
> >>>>>>
> >>>>>> rob
> >>>>>
> >>>>> Oh, and looking back at the user I create it still has the UPG
> >>>>> magic in
> >>>>> the description attribute.
> >>>>>
> >>>>> rob
> >>>>
> >>>> Thanks for careful review, I missed this bug in the original patch. UPG
> >>>> magic has been removed from the description and a test checking all
> >>>> this
> >>>> has been added.
> >>>>
> >>>> Martin
> >>>
> >>> I'm getting this on output, not sure if it is a bug in my tree or not:
> >>>
> >>> # ipa user-add --first=tim --last=user tuser3 --all --noprivate
> >>> -------------------
> >>> Added user "tuser3"
> >>> -------------------
> >>> dn: uid=tuser3,cn=users,cn=accounts,dc=greyoak,dc=com
> >>> User login: tuser3
> >>> First name: tim
> >>> Last name: user
> >>> Full name: tim user
> >>> Display name: tim user
> >>> Initials: tu
> >>> Home directory: /home/tuser3
> >>> GECOS field: tim user
> >>> Login shell: /bin/sh
> >>> Kerberos principal: tuser3 at GREYOAK.COM
> >>> UID: 204000006
> >>> GID: 204000001
> >>> ipa: ERROR: IndexError: tuple index out of range
> >>> Traceback (most recent call last):
> >>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1103, in run
> >>> sys.exit(api.Backend.cli.run(argv))
> >>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 930, in run
> >>> rv = cmd.output_for_cli(self.api.Backend.textui, result, *args,
> >>> **options)
> >>> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 956,
> >>> in output_for_cli
> >>> textui.print_entry(result, order, labels, flags, print_all)
> >>> File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 388, in
> >>> print_entry
> >>> if type(entry[key]) in (tuple, list) and isinstance(entry[key][0],
> >>> dict):
> >>> IndexError: tuple index out of range
> >>> ipa: ERROR: an internal error has occurred
> >>>
> >>> Otherwise things look ok.
> >>>
> >>> rob
> >>
> >> Hmm, that's strange. Doesn't happen for me:
> >>
> >> $ ipa user-add --first=tim --last=user tuser3 --all --noprivate
> >> -------------------
> >> Added user "tuser3"
> >> -------------------
> >> dn: uid=tuser3,cn=users,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
> >> User login: tuser3
> >> First name: tim
> >> Last name: user
> >> Full name: tim user
> >> Display name: tim user
> >> Initials: tu
> >> Home directory: /home/tuser3
> >> GECOS field: tim user
> >> Login shell: /bin/sh
> >> Kerberos principal: tuser3 at IDM.LAB.BOS.REDHAT.COM
> >> UID: 557200036
> >> GID: 557200001
> >> ipauniqueid: 07b2864e-85e1-11e0-957d-00163e0605ff
> >> krbpwdpolicyreference:
> >> cn=global_policy,cn=IDM.LAB.BOS.REDHAT.COM,cn=kerberos,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
> >>
> >> objectclass: top, person, organizationalperson, inetorgperson,
> >> inetuser, posixaccount,
> >> krbprincipalaux, krbticketpolicyaux, ipaobject
> >>
> >>
> >> Can you please try again with a clean tree and only my patch applied?
> >
> > Sure, I'll give it a fresh look this morning.
> 
> Tried with a fresh tree, looks good.
> 
> ack
> 
> rob

Pushed to master only.

Martin

More information about the Freeipa-devel mailing list