[Freeipa-devel] [PATCH 0116] Refactoring of service autobind

Jan Cholasta jcholast at redhat.com
Fri Sep 19 12:30:03 UTC 2014 

Dne 19.9.2014 v 13:32 Martin Basti napsal(a):
> On 01/09/14 16:26, Martin Basti wrote:
>> On 28/08/14 14:01, Jan Cholasta wrote:
>>> Hi,
>>>
>>> Dne 27.8.2014 v 15:22 Martin Basti napsal(a):
>>>> Patch attached.
>>>>
>>>
>>> 1) Please rename object_exists to entry_exists.
>>>
>>>
>>> 2) Use empty attribute list in get_entry() in
>>> object_exists/entry_exists.
>>>
>>>
>>> 3) Please update LDAPObject.get_dn_if_exists() to use
>>> object_exists/entry_exists.
>>>
>>>
>>> 4) I'm not a fan of how do_bind() is laid out, IMHO something like
>>> this would be better (untested):
>>>
>>> +    def do_bind(self, dm_password=None, autobind=AUTOBIND_AUTO,
>>> timeout=DEFAULT_TIMEOUT):
>>> +        if dm_password:
>>> +            self.do_simple_bind(bindpw=dm_password, timeout=timeout)
>>> +            return
>>> +
>>> +        if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and
>>> self.ldapi:
>>> +            try:
>>> +                # autobind
>>> +                pw_name = pwd.getpwuid(os.geteuid()).pw_name
>>> +                self.do_external_bind(pw_name, timeout=timeout)
>>> +                return
>>> +            except errors.NotFound:
>>> +                if autobind == AUTOBIND_ENABLED:
>>> +                    # autobind was required and failed, raise
>>> +                    # exception that it failed
>>> +                    raise
>>> +
>>> +        # Fall back
>>> +        self.do_sasl_gssapi_bind(timeout=timeout)
>>>
>>>
>>> Honza
>>>
>> 3) skipped as we discuss on IRC
>>
>> Updated patch attached
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Please review, this should be in 4.1

1) The patch need a rebase on top of current ipa-4-1.


2) You can remove import pwd from service.py, it is no longer used there.


3) Are named constants for the autobind argument the right thing to do? 
It is a tri-state which can be expressed with None/True/False. (I'm just 
asking, I don't have a strong opinion on this.)

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list