[Freeipa-devel] [PATCH] 0159-0162 ID views in compat tree: ACIs, support for shell, gidNumber, and SSH keys

Petr Vobornik pvoborni at redhat.com
Fri Oct 10 15:42:19 UTC 2014


On 10.10.2014 16:38, Alexander Bokovoy wrote:
> On Fri, 10 Oct 2014, Petr Vobornik wrote:
>> On 10.10.2014 15:36, Alexander Bokovoy wrote:
>>> On Fri, 10 Oct 2014, Petr Vobornik wrote:
>>>> On 10.10.2014 10:39, Alexander Bokovoy wrote:
>>>>> Hi!
>>>>>
>>>>> I'm resending patches 0159 and 0160, and adding two more:
>>>>>
>>>>> 0161 -- support user SSH public keys in ID view user overrides
>>>>> 0162 -- support gidNumber in ID view user override
>>>>>
>>>>> SSH public keys to work require support from SSSD and that one is
>>>>> currently missing. At least, one can add/remove the keys to/from the
>>>>> override objects.
>>>>>
>>>>> Compat tree does not support exporting SSH keys. When accessing the tree
>>>>> anonymously, the entry will be filtered out by ACIs but for
>>>>> authenticated users we need to explicitly ignore ipaSshPubKey attribute
>>>>> in the override, so I'm resending updated slapi-nis patch that only
>>>>> adds one more attribute to filter out.
>>>>>
>>>>
>>>> I'm going to prepare Web UI for 160, 161, 162.
>>>>
>>>> Q: ipaUserOverride object class contains also 'gecos' attribute. Will
>>>> it be handled by CLI and Web UI as well?
>>> I'll add another patch for that.
>>>
>>>>
>>>> Comments for these 3 patches:
>>>>
>>>> 1. VERSION was not bumped
>>>>
>>>> Patch 160:
>>>> Apart from #1, is OK (not sure if #1 is needed for ACK)
>>> I wonder if I should bump it in a separate patch that would be the last
>>> one in the series, to avoid proliferation of API version numbers? :)
>>
>> IMHO it should be sufficient. Same outcome as if the patches were
>> squashed.
> Yep.
>
> One more update for patch 0161, Petr noticed we need to call super
> post_callback() too.
>

idoverrideuser_find callback causes internal error. I've attached new 
version of the patch which fixes it. Basically it's this change:

diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index 25b9bcf..bfa8675 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -831,11 +831,12 @@ class idoverrideuser_find(baseidoverride_find):
      msg_summary = ngettext('%(count)d User ID override matched',
                             '%(count)d User ID overrides matched', 0)

-    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
-        dn = super(idoverrideuser_find, self).post_callback(ldap, dn,
-                 entry_attrs, *keys, **options)
-        convert_sshpubkey_post(ldap, dn, entry_attrs)
-        return dn
+    def post_callback(self, ldap, entries, truncated, *args, **options):
+        truncated = super(idoverrideuser_find, self).post_callback(
+            ldap, entries, truncated, *args, **options)
+        for entry in entries:
+            convert_sshpubkey_post(ldap, entry.dn, entry)
+        return truncated

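Review bot: the loop in the new post_callback calls convert_sshpubkey_post(ldap, entry.dn, entry) for every returned entry with no check on options, so it is worth confirming that the helper is a no-op for overrides without ipaSshPubKey and for result sets that omit the attribute. The removed override used the per-entry (dn, entry_attrs) signature on a find command, which takes (entries, truncated), and the mismatch only surfaced as an internal error when the command ran; a test that calls idoverrideuser_find against an override carrying an SSH key would catch a repeat.
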
If you are OK with it, then ACK for patches 160, 161-3, 162-1, 164 and 165.

Patch 159 should be reviewed by somebody more versed in Compat tree. 
Btw. 10-schema_compat.update contains whitespace warning (git am) - 
additional blank line at the end of file.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-abbra-0161-Allow-user-overrides-to-specify-SSH-public-keys-3.patch
Type: text/x-patch
Size: 7372 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141010/b960cfb8/attachment.bin>

