[Freeipa-devel] [PATCH 0116] Refactoring of service autobind
Martin Kosek
mkosek at redhat.com
Fri Sep 26 11:31:06 UTC 2014
On 09/25/2014 03:06 PM, Martin Basti wrote:
> On 25/09/14 14:47, Jan Cholasta wrote:
>> Dne 25.9.2014 v 10:51 Martin Basti napsal(a):
>>> On 19/09/14 14:30, Jan Cholasta wrote:
>>>> Dne 19.9.2014 v 13:32 Martin Basti napsal(a):
>>>>> On 01/09/14 16:26, Martin Basti wrote:
>>>>>> On 28/08/14 14:01, Jan Cholasta wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Dne 27.8.2014 v 15:22 Martin Basti napsal(a):
>>>>>>>> Patch attached.
>>>>>>>>
>>>>>>>
>>>>>>> 1) Please rename object_exists to entry_exists.
>>>>>>>
>>>>>>>
>>>>>>> 2) Use empty attribute list in get_entry() in
>>>>>>> object_exists/entry_exists.
>>>>>>>
>>>>>>>
>>>>>>> 3) Please update LDAPObject.get_dn_if_exists() to use
>>>>>>> object_exists/entry_exists.
>>>>>>>
>>>>>>>
>>>>>>> 4) I'm not a fan of how do_bind() is laid out, IMHO something like
>>>>>>> this would be better (untested):
>>>>>>>
>>>>>>> + def do_bind(self, dm_password=None, autobind=AUTOBIND_AUTO,
>>>>>>> timeout=DEFAULT_TIMEOUT):
>>>>>>> + if dm_password:
>>>>>>> + self.do_simple_bind(bindpw=dm_password, timeout=timeout)
>>>>>>> + return
>>>>>>> +
>>>>>>> + if autobind != AUTOBIND_DISABLED and os.getegid() == 0 and
>>>>>>> self.ldapi:
>>>>>>> + try:
>>>>>>> + # autobind
>>>>>>> + pw_name = pwd.getpwuid(os.geteuid()).pw_name
>>>>>>> + self.do_external_bind(pw_name, timeout=timeout)
>>>>>>> + return
>>>>>>> + except errors.NotFound:
>>>>>>> + if autobind == AUTOBIND_ENABLED:
>>>>>>> + # autobind was required and failed, raise
>>>>>>> + # exception that it failed
>>>>>>> + raise
>>>>>>> +
>>>>>>> + # Fall back
>>>>>>> + self.do_sasl_gssapi_bind(timeout=timeout)
>>>>>>>
>>>>>>>
>>>>>>> Honza
>>>>>>>
>>>>>> 3) skipped as we discuss on IRC
>>>>>>
>>>>>> Updated patch attached
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-devel mailing list
>>>>>> Freeipa-devel at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>> Please review, this should be in 4.1
>>>>
>>>> 1) The patch need a rebase on top of current ipa-4-1.
>>> I can apply it (Am I doing something wrong?)
>>>>
>>>>
>>>> 2) You can remove import pwd from service.py, it is no longer used there.
>>>>
>>>>
>>>> 3) Are named constants for the autobind argument the right thing to
>>>> do? It is a tri-state which can be expressed with None/True/False.
>>>> (I'm just asking, I don't have a strong opinion on this.)
>>>>
>>> As we discussed on IRC, using None/True/False, is not good approach.
>>> Updated patch attached
>>>
>>
>> ACK, but the patch still does not apply cleanly on ipa-4-1:
>>
>> $ git apply freeipa-mbasti-0116.3-Refactoring-of-autobind-object_exists.patch
>> error: patch failed: ipaserver/install/service.py:20
>> error: ipaserver/install/service.py: patch does not apply
>>
> Rebased patches attached
Pushed to:
master: 29ba9d9d26b92498902d40d71adae193308b5c92
ipa-4-1: 8e0f8bc7ad8e91bcf9e30e3cc8159838977348e6
Martin
More information about the Freeipa-devel
mailing list