[Freeipa-devel] [PATCHES] All-around improvements to baseldap.py classes.

Pavel Zuna pzuna at redhat.com
Tue Aug 4 14:22:27 UTC 2009 

Rob Crittenden wrote:
> Pavel Zůna wrote:
>> 0001: Enable attribute re-mapping and ordering when printing entries.
>>
>> Also print multiple values on one line separated by commas.
> 
> Ok, though we'll have to see what that looks like on very large values.
> 
> One thing I'm thinking is memberOf. In v1 when showing a user you'd also 
> get the list of groups they are a member of. All one one line would be 
> really hard to grok.
>
Actually I made the change because of attributes like 'member' and 'memberOf'. 
For 100 users in a groups, we had a 100 lines of output. On the other hand, if 
the users don't fit on one line, the output isn't very nice. Anyway I made 
another patch that improves this - it word wraps and indents the values like this:

Password policy
   maximum lifetime (in days): 90
   minimum lifetime (in hours): 1
   history size: 0
   minimum number of characters classes: 0
   minimum length: 8
   test: a, a, aa, aaa, aaaa, aaaaa, aaaaaa, aaaaaaa, aaaaaaaa,
         aaaaaaaaa, aaaaaaaaaa, aaaaaaaaaaa, aaaaaaaaaaaa,
         aaaaaaaaaaaaa, aaaaaaaaaaaaaa, aaaaaaaaaaaaaaa,

Since this patch was already pushed, I'll submit the improvement in a separate one.

>> -----------------------------------------------------------------------
>> 0002: Prevent double encoding/decoding when processing compound types.
>>
> 
> ack
> 
>> -----------------------------------------------------------------------
>> 0003: Fix bug in _get_syntax (it was always returning None).
>>
>> Also prevent a few cases of double processing of arguments.
> 
> ack
> 
>>
>> -----------------------------------------------------------------------
>> 0004: All-around improvements to baseldap.py classes.
>>
>> - attribute re-mapping, ordering and hiding
>>   (Enables plugins to completely hide LDAP internals from users
>>    and full localization of command output.)
>> - translation of member DNs into object names
>>   (No more DNs when listing group members etc.)
>> - support for "singleton" LDAP objects
>>   (Objects like "pwpolicy"; not accessed by primary key.)
>> - new base classes for commands: LDAPModMember, LDAPAddMember
>>   and LDAPRemoveMember
>>   (Providing support for objects with 'member'-like attributes.)
>> - LDAPSearch implicit exit code changed to 1 when nothing is found
> 
> Why the switch to ONELEVEL as the scope? Otherwise looks ok.
I don't remember the situation exactly, but I had the parent (container) entry 
returned by some search commands. Normally, it should never happen since the 
search filter includes object classes, but I accidentally left it there and it 
doesn't hurt anything (at least for now).

> 
> rob
> 

Pavel

More information about the Freeipa-devel mailing list