[Freeipa-devel] [PATCHES] All-around improvements to baseldap.py classes.
Pavel Zuna
pzuna at redhat.com
Tue Aug 4 14:22:27 UTC 2009
Rob Crittenden wrote:
> Pavel Zůna wrote:
>> 0001: Enable attribute re-mapping and ordering when printing entries.
>>
>> Also print multiple values on one line separated by commas.
>
> Ok, though we'll have to see what that looks like on very large values.
>
> One thing I'm thinking is memberOf. In v1 when showing a user you'd also
> get the list of groups they are a member of. All one one line would be
> really hard to grok.
>
Actually I made the change because of attributes like 'member' and 'memberOf'.
For 100 users in a groups, we had a 100 lines of output. On the other hand, if
the users don't fit on one line, the output isn't very nice. Anyway I made
another patch that improves this - it word wraps and indents the values like this:
Password policy
maximum lifetime (in days): 90
minimum lifetime (in hours): 1
history size: 0
minimum number of characters classes: 0
minimum length: 8
test: a, a, aa, aaa, aaaa, aaaaa, aaaaaa, aaaaaaa, aaaaaaaa,
aaaaaaaaa, aaaaaaaaaa, aaaaaaaaaaa, aaaaaaaaaaaa,
aaaaaaaaaaaaa, aaaaaaaaaaaaaa, aaaaaaaaaaaaaaa,
Since this patch was already pushed, I'll submit the improvement in a separate one.
>> -----------------------------------------------------------------------
>> 0002: Prevent double encoding/decoding when processing compound types.
>>
>
> ack
>
>> -----------------------------------------------------------------------
>> 0003: Fix bug in _get_syntax (it was always returning None).
>>
>> Also prevent a few cases of double processing of arguments.
>
> ack
>
>>
>> -----------------------------------------------------------------------
>> 0004: All-around improvements to baseldap.py classes.
>>
>> - attribute re-mapping, ordering and hiding
>> (Enables plugins to completely hide LDAP internals from users
>> and full localization of command output.)
>> - translation of member DNs into object names
>> (No more DNs when listing group members etc.)
>> - support for "singleton" LDAP objects
>> (Objects like "pwpolicy"; not accessed by primary key.)
>> - new base classes for commands: LDAPModMember, LDAPAddMember
>> and LDAPRemoveMember
>> (Providing support for objects with 'member'-like attributes.)
>> - LDAPSearch implicit exit code changed to 1 when nothing is found
>
> Why the switch to ONELEVEL as the scope? Otherwise looks ok.
I don't remember the situation exactly, but I had the parent (container) entry
returned by some search commands. Normally, it should never happen since the
search filter includes object classes, but I accidentally left it there and it
doesn't hurt anything (at least for now).
>
> rob
>
Pavel
More information about the Freeipa-devel
mailing list