[Freeipa-devel] [PATCH] 6 Sort password policy by priority

Rob Crittenden rcritten at redhat.com
Fri Dec 2 16:15:35 UTC 2011 

Ondrej Hamada wrote:
> On 11/29/2011 08:43 PM, Rob Crittenden wrote:
>> Ondrej Hamada wrote:
>>> On 11/29/2011 03:46 PM, Ondrej Hamada wrote:
>>>> https://fedorahosted.org/freeipa/ticket/2045
>>>>
>>>> 'ipa pwpolicy-find' output is now sorted by priority of the policies.
>>>> Lower position means lower priority. Global policy is then at the
>>>> bottom.
>>>>
>>>> The changes has also affected LDAPSearch class in baseldap.py:
>>>> LDAPSearch class sorts the search results by primary key be default
>>>> (which is usually 'cn'). Therefor a function pointer entries_sortfn
>>>> was added. If no sorting function exists, default sorting by primary
>>>> key
>>>> is used.
>>>>
>>>> Sorting function had to be introduced due to the fact that pwpolicy's
>>>> primary
>>>> key is also it's 'cn' and global policy is not allowed to have any
>>>> priority.
>>>>
>>> forget to attach the patch, sorry :-[
>>>
>>
>>
>> Doesn't work with the lite-server due to changing a ReadOnly value. I
>> think you have the right idea you just need to assign the sorting
>> statically instead of dynamically (it won't change after finalization).
>>
>> $ ./ipa pwpolicy-add editors --minlife=2 --priority=9
>>
>> ipa: DEBUG: Created connection context.ldap2
>> ipa: DEBUG: raw: pwpolicy_add(u'editors', krbminpwdlife=2,
>> cospriority=9, all=False, raw=False, version=u'2.15')
>> ipa: DEBUG: pwpolicy_add(u'editors', krbminpwdlife=2, cospriority=9,
>> all=False, raw=False, version=u'2.15')
>> ipa: DEBUG: raw: cosentry_add(u'editors',
>> krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com',
>> cospriority=9)
>> ipa: DEBUG: cosentry_add(u'editors',
>> krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com',
>> cospriority=9, all=False, raw=False)
>> ipa: DEBUG: raw: group_show(u'editors', all=True)
>> ipa: DEBUG: group_show(u'editors', rights=False, all=True, raw=False)
>> ipa: DEBUG: raw: cosentry_find(None, cospriority=9)
>> ipa: DEBUG: cosentry_find(None, cospriority=9, all=False, raw=False,
>> pkey_only=False)
>> ipa: ERROR: non-public: AttributeError: locked: cannot set
>> cosentry_find.entries_sortfn to <function <lambda> at 0x7f7abc33ec80>
>> Traceback (most recent call last):
>> File "/home/rcrit/redhat/freeipa-review/ipaserver/rpcserver.py", line
>> 223, in wsgi_execute
>> result = self.Command[name](*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 438,
>> in __call__
>> ret = self.run(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 756,
>> in run
>> return self.execute(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
>> line 700, in execute
>> ldap, dn, entry_attrs, attrs_list, *keys, **options
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
>> line 346, in pre_callback
>> cospriority=options.get('cospriority')
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 438,
>> in __call__
>> ret = self.run(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 756,
>> in run
>> return self.execute(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
>> line 700, in execute
>> ldap, dn, entry_attrs, attrs_list, *keys, **options
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
>> line 127, in pre_callback
>> self.obj.check_priority_uniqueness(*keys, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
>> line 101, in check_priority_uniqueness
>> cospriority=options['cospriority']
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 438,
>> in __call__
>> ret = self.run(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line 756,
>> in run
>> return self.execute(*args, **options)
>> File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
>> line 1620, in execute
>> self.entries_sortfn=lambda x,y:
>> cmp(x[1][self.obj.primary_key.name][0].lower(),
>> y[1][self.obj.primary_key.name][0].lower())
>> File "/home/rcrit/redhat/freeipa-review/ipalib/base.py", line 131, in
>> __setattr__
>> SET_ERROR % (self.__class__.__name__, name, value)
>> AttributeError: locked: cannot set cosentry_find.entries_sortfn to
>> <function <lambda> at 0x7f7abc33ec80>
>> ipa: INFO: admin at GREYOAK.COM: pwpolicy_add(u'editors',
>> krbminpwdlife=2, cospriority=9, all=False, raw=False,
>> version=u'2.15'): AttributeError
>> ipa: DEBUG: response: InternalError: an internal error has occurred
>> ipa: DEBUG: Destroyed connection context.ldap2
>>
> corrected, patch attached
>

ACK, pushed to master.

I slightly modified one comment and limited the commit message to 75 
chars per line.

Nice work.

rob

More information about the Freeipa-devel mailing list