[Freeipa-devel] [PATCH] 0159-0162 ID views in compat tree: ACIs, support for shell, gidNumber, and SSH keys

Martin Kosek mkosek at redhat.com
Fri Oct 10 13:16:01 UTC 2014


On 10/10/2014 03:12 PM, Petr Vobornik wrote:
> On 10.10.2014 10:39, Alexander Bokovoy wrote:
>> Hi!
>>
>> I'm resending patches 0159 and 0160, and adding two more:
>>
>> 0161 -- support user SSH public keys in ID view user overrides
>> 0162 -- support gidNumber in ID view user override
>>
>> SSH public keys to work require support from SSSD and that one is
>> currently missing. At least, one can add/remove the keys to/from the
>> override objects.
>>
>> Compat tree does not support exporting SSH keys. When accessing the tree
>> anonymously, the entry will be filtered out by ACIs but for
>> authenticated users we need to explicitly ignore ipaSshPubKey attribute
>> in the override, so I'm resending updated slapi-nis patch that only
>> adds one more attribute to filter out.
>>
>
> I'm going to prepare Web UI for 160, 161, 162.
>
> Q: ipaUserOverride object class contains also 'gecos' attribute. Will it be
> handled by CLI and Web UI as well?
>
> Comments for these 3 patches:
>
> 1. VERSION was not bumped
>
> Patch 160:
> Apart from #1, is OK (not sure if #1 is needed for ACK)
>
> Patch 161:
>
> 2. idoverrideuser_show and _find should have post_callback with
> convert_sshpubkey_post as well - to be consistent.
>
> 3. Add blank line before new methods - both post_callbacks
>
> 4. I have created a helper method for adding object classes in patch 761
> (currently on review) - add_missing_object_class. Would be nice fit, but also I
> don't want to block this patch with mine.
>
> Patch 162:
>
> Is it good to have different CLI option name in this and user plugin for the
> same attribute: --gid vs --gidnumber ? That said, it's sad that --gid was not
> used in user plugin since the beginning.
>

Also, we will need to have slapi-nis version in the spec file bumped. I already 
fired a build of slapi-nis to FreeIPA Copr.

Martin
