[Freeipa-devel] [PATCH] 956 user lockout status
Martin Kosek
mkosek at redhat.com
Mon Feb 27 17:31:18 UTC 2012
On Tue, 2012-02-21 at 17:41 -0500, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Tue, 2012-02-21 at 15:57 -0500, Rob Crittenden wrote:
> >> + other_ldap = ldap2(shared_instance=False,
> >> + ldap_uri='ldap://%s' % host,
> >> + base_dn=self.api.env.basedn)
> >> + other_ldap.connect(ccache=os.environ['KRB5CCNAME'])
> >
> > Nack,
> > if a server is not reachable this will give back a traceback as no
> > exception is trapped.
> > Also in general we should not fail, some servers may have whatever
> > issues. We should just return a "N/A" result for those servers that we
> > had problem reaching or requesting values from.
> >
> > Simo.
> >
>
> fixed
>
> rob
I have found few issues:
1) Requesting an non-existent user returns a failure instead of
returning something like "user foo does not exist":
# ipa user-status foo
Server: vm-068.idm.lab.bos.redhat.com failed
Server: vm-115.idm.lab.bos.redhat.com failed
----------------------------
Number of entries returned 2
----------------------------
2) Date parsing did not work for me. Its still in raw format. I saw this
exception:
time data u'20120227171316Z' does not match format '%Y%m%d%H%M%S%Z'
# ipa user-status admin
Server: vm-068.idm.lab.bos.redhat.com
Failed logins:
Last successful authentication: 20120227171316Z
Last failed authentication:
Server: vm-115.idm.lab.bos.redhat.com
Failed logins:
Last successful authentication:
Last failed authentication:
----------------------------
Number of entries returned 2
----------------------------
3) Is it intentional to return empty strings when a user never
authenticated on given master? I wonder if we shouldn't return at least
something like this:
Server: vm-115.idm.lab.bos.redhat.com
Failed logins: 0
Last successful authentication: N/A ("never" or something like that)
Last failed authentication: N/A
4) Minor change:
- except Exception:
+ except:
Martin
More information about the Freeipa-devel
mailing list