[Freeipa-devel] [PATCH] 0159-0162 ID views in compat tree: ACIs, support for shell, gidNumber, and SSH keys

Petr Vobornik pvoborni at redhat.com
Fri Oct 10 13:12:18 UTC 2014


On 10.10.2014 10:39, Alexander Bokovoy wrote:
> Hi!
>
> I'm resending patches 0159 and 0160, and adding two more:
>
> 0161 -- support user SSH public keys in ID view user overrides
> 0162 -- support gidNumber in ID view user override
>
> SSH public keys to work require support from SSSD and that one is
> currently missing. At least, one can add/remove the keys to/from the
> override objects.
>
> Compat tree does not support exporting SSH keys. When accessing the tree
> anonymously, the entry will be filtered out by ACIs but for
> authenticated users we need to explicitly ignore ipaSshPubKey attribute
> in the override, so I'm resending updated slapi-nis patch that only
> adds one more attribute to filter out.
>

I'm going to prepare Web UI for 160, 161, 162.

Q: ipaUserOverride object class contains also 'gecos' attribute. Will it 
be handled by CLI and Web UI as well?

Comments for these 3 patches:

1. VERSION was not bumped

Patch 160:
Apart from #1, is OK (not sure if #1 is needed for ACK)

Patch 161:

2. idoverrideuser_show and _find should have post_callback with 
convert_sshpubkey_post as well - to be consistent.

3. Add blank line before new methods - both post_callbacks

4. I have created a helper method for adding object classes in patch 
761 (currently on review) - add_missing_object_class. Would be nice fit, 
but also I don't want to block this patch with mine.

Patch 162:

Is it good to have different CLI option name in this and user plugin for 
the same attribute: --gid vs --gidnumber ? That said, it's sad that 
--gid was not used in user plugin since the beginning.

-- 
Petr Vobornik
