[Freeipa-devel] [PATCH] 6 Sort password policy by priority

Rob Crittenden rcritten at redhat.com
Tue Nov 29 19:43:09 UTC 2011 

Ondrej Hamada wrote:
> On 11/29/2011 03:46 PM, Ondrej Hamada wrote:
>> https://fedorahosted.org/freeipa/ticket/2045
>>
>> 'ipa pwpolicy-find' output is now sorted by priority of the policies.
>> Lower position means lower priority. Global policy is then at the bottom.
>>
>> The changes has also affected LDAPSearch class in baseldap.py:
>> LDAPSearch class sorts the search results by primary key be default
>> (which is usually 'cn'). Therefor a function pointer entries_sortfn
>> was added. If no sorting function exists, default sorting by primary key
>> is used.
>>
>> Sorting function had to be introduced due to the fact that pwpolicy's
>> primary
>> key is also it's 'cn' and global policy is not allowed to have any
>> priority.
>>
> forget to attach the patch, sorry :-[
>


Doesn't work with the lite-server due to changing a ReadOnly value. I 
think you have the right idea you just need to assign the sorting 
statically instead of dynamically (it won't change after finalization).

$ ./ipa pwpolicy-add editors --minlife=2 --priority=9

ipa: DEBUG: Created connection context.ldap2
ipa: DEBUG: raw: pwpolicy_add(u'editors', krbminpwdlife=2, 
cospriority=9, all=False, raw=False, version=u'2.15')
ipa: DEBUG: pwpolicy_add(u'editors', krbminpwdlife=2, cospriority=9, 
all=False, raw=False, version=u'2.15')
ipa: DEBUG: raw: cosentry_add(u'editors', 
krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com', 
cospriority=9)
ipa: DEBUG: cosentry_add(u'editors', 
krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com', 
cospriority=9, all=False, raw=False)
ipa: DEBUG: raw: group_show(u'editors', all=True)
ipa: DEBUG: group_show(u'editors', rights=False, all=True, raw=False)
ipa: DEBUG: raw: cosentry_find(None, cospriority=9)
ipa: DEBUG: cosentry_find(None, cospriority=9, all=False, raw=False, 
pkey_only=False)
ipa: ERROR: non-public: AttributeError: locked: cannot set 
cosentry_find.entries_sortfn to <function <lambda> at 0x7f7abc33ec80>
Traceback (most recent call last):
   File "/home/rcrit/redhat/freeipa-review/ipaserver/rpcserver.py", line 
223, in wsgi_execute
     result = self.Command[name](*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
438, in __call__
     ret = self.run(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
756, in run
     return self.execute(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
line 700, in execute
     ldap, dn, entry_attrs, attrs_list, *keys, **options
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
line 346, in pre_callback
     cospriority=options.get('cospriority')
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
438, in __call__
     ret = self.run(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
756, in run
     return self.execute(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
line 700, in execute
     ldap, dn, entry_attrs, attrs_list, *keys, **options
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
line 127, in pre_callback
     self.obj.check_priority_uniqueness(*keys, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py", 
line 101, in check_priority_uniqueness
     cospriority=options['cospriority']
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
438, in __call__
     ret = self.run(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 
756, in run
     return self.execute(*args, **options)
   File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py", 
line 1620, in execute
     self.entries_sortfn=lambda x,y: 
cmp(x[1][self.obj.primary_key.name][0].lower(), 
y[1][self.obj.primary_key.name][0].lower())
   File "/home/rcrit/redhat/freeipa-review/ipalib/base.py", line 131, in 
__setattr__
     SET_ERROR % (self.__class__.__name__, name, value)
AttributeError: locked: cannot set cosentry_find.entries_sortfn to 
<function <lambda> at 0x7f7abc33ec80>
ipa: INFO: admin at GREYOAK.COM: pwpolicy_add(u'editors', krbminpwdlife=2, 
cospriority=9, all=False, raw=False, version=u'2.15'): AttributeError
ipa: DEBUG: response: InternalError: an internal error has occurred
ipa: DEBUG: Destroyed connection context.ldap2

More information about the Freeipa-devel mailing list