[Freeipa-devel] [PATCH] 0004 User life cycle: support of MODRDN to a new superior

thierry bordaz tbordaz at redhat.com
Sun Apr 12 16:51:09 UTC 2015 

On 04/09/2015 12:42 PM, thierry bordaz wrote:
> On 04/08/2015 03:33 PM, Jan Cholasta wrote:
>> Dne 8.4.2015 v 15:00 thierry bordaz napsal(a):
>>> On 04/08/2015 08:34 AM, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> Dne 1.4.2015 v 17:40 thierry bordaz napsal(a):
>>>>> Hello,
>>>>>
>>>>>     In user life cycle, Active entries are moved to Delete 
>>>>> container and
>>>>>     Delete entries can be moved back to Staging container.
>>>>>     This requires a LDAP modrdn with new superior that is not 
>>>>> supported
>>>>>     in ldap2.
>>>>
>>>> Since update_entry_rdn() is used only in one spot in baseldap, I think
>>>> we can merge it and move_entry_newsuperior() into a single method
>>>> move_entry():
>>>>
>>>>     def move_entry(self, dn, new_dn, del_old=True):
>>>>
>>>> We can easily detect whether the superior needs to be updated by
>>>> comparing dn[1:] and new_dn[1:].
>>>
>>> Hello Jan,
>>>
>>> Yes that is a good idea to merge those two methods. They both rely on
>>> modrdn and a single method is enough.
>>
>> Well, I had something like this in mind:
>>
>>     def move_entry(self, dn, new_dn, del_old=True):
>>         assert isinstance(dn, DN)
>>         assert isinstance(new_dn, DN)
>>
>>         if new_dn == dn:
>>             raise errors.EmptyModlist()
>>
>>         new_rdn = new_dn[0]
>>         if new_rdn == dn[0]:
>>             new_rdn = None
>>
>>         new_superior = new_dn[1:]
>>         if new_superior == dn[1:]:
>>             new_superior = None
>>
>>         with self.error_handler():
>>             self.conn.rename_s(dn, new_rdn, new_superior, int(del_old))
>>             time.sleep(.3)  # Give memberOf plugin a chance to work
>>
>> so that you don't have to care if you should change the RDN or the 
>> superior and it just does the right thing.
>>
>>>
>>>>
>>>> Maybe we can also get rid of del_old, if it's always gonna be True in
>>>> our code?
>>>
>>> I think it is better to get this interface as close as possible as the
>>> MODRDN call, so that del_old option will be already available for 
>>> future
>>> usage.
>>> I agree that currently del_old is always true in case of IPA but it
>>> could be the default value.
>>
>> OK, it's not a big piece of code, so I guess we can leave it.
>>
> Thank for the reviews and the help. Here is a new patch.
>
> thierry
>
Hello,

After additional tests, the previous patch was incomplete...

thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150412/39701743/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbordaz-0004-4-User-life-cycle-allows-MODRDN-from-ldap2.patch
Type: text/x-patch
Size: 3623 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150412/39701743/attachment.bin>

More information about the Freeipa-devel mailing list