[Freeipa-devel] [PATCH 0064] Create ipa-otp-decrement 389DS plugin
thierry bordaz
tbordaz at redhat.com
Tue Sep 16 19:56:30 UTC 2014
On 09/16/2014 07:25 PM, Nathaniel McCallum wrote:
> On Tue, 2014-09-16 at 19:24 +0200, thierry bordaz wrote:
>> On 09/15/2014 09:05 PM, Nathaniel McCallum wrote:
>>
>>> This plugin ensures that all counter/watermark operations are atomic
>>> and never decrement. Also, deletion is not permitted.
>>>
>>> https://fedorahosted.org/freeipa/ticket/4494
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> Hello Nathaniel,
>>
>> Starting looking at it, I have just a question about
>> sanitize_input.
>> If the modification (replace) is related to counter/watermark,
>> it triggers an internal search on the target entry itself.
>> The original/modified entry is also present in the pblock. The
>> internal search will check the filter but except that what is
>> the benefit vs
>> taking the entry directly in the pblock.
> I didn't know the entry was already in the pblock. What loads it? And
> when? How do I access it?
>
> Nathaniel
>
Hello Nathaniel,
You may retrieve the entry with slapi_pblock_get(pb,
SLAPI_ENTRY_PRE_OP, &e) [Slapi_Entry *e;].
This is the original entry, before the other be-preop plugin are
called and modifications occured.
If you need to check that the entry match a filter you may also do:
filter_str =
slapi_ch_strdup("(|(objectClass=ipatokenHOTP)(objectClass=ipatokenTOTP))");
filter = slapi_str2filter(filter_str);
if (slapi_filter_test_simple(e, filter) != 0) {
/* do not match */
}
or directly checking the objectclass values
slapi_entry_attr_find/slapi_attr_value_find
thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140916/72413b96/attachment.htm>
More information about the Freeipa-devel
mailing list