[Freeipa-devel] ipapwd_extop vs password_extop

thierry bordaz tbordaz at redhat.com
Tue Jun 7 13:53:35 UTC 2016



On 06/07/2016 03:47 PM, Alexander Bokovoy wrote:
> On Tue, 07 Jun 2016, thierry bordaz wrote:
>>>> Well here we have IPA password extop that receives a 'compat' 
>>>> entry. This compat entry does not exist except in slapi-nis that 
>>>> can do the mapping to the real entry. What I was thinking of was 
>>>> some kind of call from IPA password extop to slapi-nis that for a 
>>>> given entry DN returns the real entryDN. But the transformation of 
>>>> the extop('compat') -> extop('real') would be done in IPA password 
>>>> extop
>>> no, just look at slapi-nis code to see how we rewrite DN of the 
>>> request.
>>> You'd need to do a similar trick.
>>>
>>
>> Thanks for the pointer. What differs is that slapi-nis is doing the 
>> mapping in an operation (here bind) preop.
>> But with extop there is no preop call. Mapping looks to be done in 
>> backend_locate, my understanding is that we need to find a way to 
>> call something like backend_locate from extop and it can not be done 
>> with an internal search because slapi-nis ignores them.
> Maybe it is time to add pre/post operations for extop? Granted, they
> are not going to be useful for most cases but this would solve our
> problem, right?
Right but it creates a dependency on DS.
Another option would be to use the broker API (to allow a plugin to 
call other plugins' callbacks), but it would require changes to slapi-nis 
and IPA pwd extop.

The nicer approach is an extop preop/postop. I will start on this.
Thank you for all your feedback.



