[Freeipa-devel] [PATCH] 0159-0162 ID views in compat tree: ACIs, support for shell, gidNumber, and SSH keys

Petr Vobornik pvoborni at redhat.com
Fri Oct 10 14:07:28 UTC 2014


On 10.10.2014 15:36, Alexander Bokovoy wrote:
> On Fri, 10 Oct 2014, Petr Vobornik wrote:
>> On 10.10.2014 10:39, Alexander Bokovoy wrote:
>>> Hi!
>>>
>>> I'm resending patches 0159 and 0160, and adding two more:
>>>
>>> 0161 -- support user SSH public keys in ID view user overrides
>>> 0162 -- support gidNumber in ID view user override
>>>
>>> SSH public keys to work require support from SSSD and that one is
>>> currently missing. At least, one can add/remove the keys to/from the
>>> override objects.
>>>
>>> Compat tree does not support exporting SSH keys. When accessing the tree
>>> anonymously, the entry will be filtered out by ACIs but for
>>> authenticated users we need to explicitly ignore ipaSshPubKey attribute
>>> in the override, so I'm resending updated slapi-nis patch that only
>>> adds one more attribute to filter out.
>>>
>>
>> I'm going to prepare Web UI for 160, 161, 162.
>>
>> Q: ipaUserOverride object class contains also 'gecos' attribute. Will
>> it be handled by CLI and Web UI as well?
> I'll add another patch for that.
>
>>
>> Comments for these 3 patches:
>>
>> 1. VERSION was not bumped
>>
>> Patch 160:
>> Apart from #1, is OK (not sure if #1 is needed for ACK)
> I wonder if I should bump it in a separate patch that would be the last
> one in the series, to avoid proliferation of API version numbers? :)

IMHO it should be sufficient. Same outcome as if the patches were squashed.

>
>> Patch 161:
>>
>> 2. idoverrideuser_show and _find should have post_callback with
>> convert_sshpubkey_post as well - to be consistent.
>>
>> 3. Add blank line before new methods - both post_callbacks
>>
>> 4. I have created a helper method for adding object classes in patch
>> 761 (currently on review) - add_missing_object_class. Would be a nice
>> fit, but also I don't want to block this patch with mine.
>>
>> Patch 162:
>>
>> Is it good to have different CLI option name in this and user plugin
>> for the same attribute: --gid vs --gidnumber ? That said, it's sad
>> that --gid was not used in user plugin since the beginning.
> I'll fix these.
>
-- 
Petr Vobornik



