[Freeipa-devel] [PATCH] 142 Improve default user/group object class validation

Martin Kosek mkosek at redhat.com
Tue Oct 11 09:47:10 UTC 2011 

On Tue, 2011-10-11 at 12:01 +0300, Alexander Bokovoy wrote:
> On Tue, 11 Oct 2011, Martin Kosek wrote:
> > @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> >                          raise errors.ValidationError(
> >                              name=k, error='attribute "%s" not allowed' % a
> >                          )
> Could you please also (in a separate patch) fix the above and others 
> by adding translations? Other exception messages in 
> plugins/config.py are designed to be used for user interactions but 
> this one is not localized.

Patch based on 142 for config plugin i18n fix attached. I created a
ticket to fix all of these issues in 3.0 branch:

https://fedorahosted.org/freeipa/ticket/1953

> 
> > +
> > +        for (attr, obj) in (('ipauserobjectclasses', 'user'),
> > +                            ('ipagroupobjectclasses', 'group')):
> > +            if attr in entry_attrs:
> > +                objectclasses = entry_attrs[attr] + self.api.Object[obj].possible_objectclasses
> would it make sense to do sort(set(objectclasses)) to get unique list 
> before using it further? Just a thought. get_allowed_attributes() will 
> go to LDAP's schema to consult about the attributes and it seems to me 
> we'd better not to do this multiple times for the same.

I added a list(set()) to remove duplicates, I don't think it is
necessary to sort it.

> 
> > +                new_allowed_attrs = ldap.get_allowed_attributes(objectclasses,
> > +                                        raise_on_unknown=True)
> > +                checked_attrs = self.api.Object[obj].default_attributes
> > +                if self.api.Object[obj].uuid_attribute:
> > +                    checked_attrs.append(self.api.Object[obj].uuid_attribute)
> > +                for obj_attr in self.api.Object[obj].default_attributes:
> Shouldn't this be checked_attrs?
> 

Correct. The previous version worked because .append modified the
original list. Fixed.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-142-2-improve-default-user-group-object-class-validation.patch
Type: text/x-patch
Size: 3803 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111011/3655cf52/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-144-fix-i18n-in-config-plugin.patch
Type: text/x-patch
Size: 1403 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111011/3655cf52/attachment-0001.bin>

More information about the Freeipa-devel mailing list