
[Freeipa-devel] [PATCH] use groupOfNames not groupOfUniqueNames



UniqueMember has a syntax that many regard as really bad.
Most instead agree on using groupOfNames, with the only caveat (present
in groupOfUniqueNames as well) that you can't have an empty group
(except that in FDS it seems we use a non-standard schema that makes
member a MAY attribute, not a MUST attribute as rfc4519 mandates...
sigh!).

Simo.
# HG changeset patch
# User Simo Sorce <ssorce redhat com>
# Date 1195572163 18000
# Node ID 504f44cd4c0789e010941f50b476fe4e39071972
# Parent  8ac4557bef2bcee046498f5e4088169130598148
Use groupOfNames and member, not groupOfUniqueNames and uniqueMember

diff -r 8ac4557bef2b -r 504f44cd4c07 ipa-server/ipa-install/share/bootstrap-template.ldif
--- a/ipa-server/ipa-install/share/bootstrap-template.ldif	Mon Nov 19 19:34:27 2007 -0500
+++ b/ipa-server/ipa-install/share/bootstrap-template.ldif	Tue Nov 20 10:22:43 2007 -0500
@@ -77,17 +77,17 @@ dn: cn=admins,cn=groups,cn=accounts,$SUF
 dn: cn=admins,cn=groups,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
-objectClass: groupofuniquenames
+objectClass: groupofnames
 objectClass: posixGroup
 cn: admins
 description: Account administrators group
 gidNumber: 1001
-uniqueMember: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
+member: uid=admin,cn=sysaccounts,cn=etc,$SUFFIX
 
 dn: cn=ipausers,cn=groups,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
-objectClass: groupofuniquenames
+objectClass: groupofnames
 objectClass: posixGroup
 gidNumber: 1002
 description: Default group for all users
@@ -96,7 +96,7 @@ dn: cn=editors,cn=groups,cn=accounts,$SU
 dn: cn=editors,cn=groups,cn=accounts,$SUFFIX
 changetype: add
 objectClass: top
-objectClass: groupofuniquenames
+objectClass: groupofnames
 objectClass: posixGroup
 gidNumber: 1003
 description: Limited admins who can edit other users
diff -r 8ac4557bef2b -r 504f44cd4c07 ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c
--- a/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c	Mon Nov 19 19:34:27 2007 -0500
+++ b/ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c	Tue Nov 20 10:22:43 2007 -0500
@@ -70,7 +70,7 @@
 #include "string.h"
 #include "nspr.h"
 
-#define IPA_GROUP_ATTR "uniquemember"
+#define IPA_GROUP_ATTR "member"
 #define IPA_MEMBEROF_ATTR "memberof"
 #define IPA_GROUP_ATTR_IS_DN 1
 #define IPA_GROUP_ATTR_TYPE "uid"
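Review bot: Nothing in this change covers group entries that already store their members in `uniqueMember`. Once `IPA_GROUP_ATTR` is `"member"`, the plugin presumably no longer looks at those values, so on a server that is upgraded rather than freshly installed `memberof` may stop reflecting existing memberships. Access decisions that key on group membership would then work from stale or missing data without any error being raised. Either a conversion step for existing entries or an explicit statement that only fresh installs are supported would close the gap. A comment above the define such as `/* must match the membership attribute written by bootstrap-template.ldif and funcs.py */` would also document the coupling between the three files.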
diff -r 8ac4557bef2b -r 504f44cd4c07 ipa-server/xmlrpc-server/funcs.py
--- a/ipa-server/xmlrpc-server/funcs.py	Mon Nov 19 19:34:27 2007 -0500
+++ b/ipa-server/xmlrpc-server/funcs.py	Tue Nov 20 10:22:43 2007 -0500
@@ -751,7 +751,7 @@ class IPAServer:
         """
 
         member_dn = self.__safe_filter(member_dn)
-        filter = "(&(objectClass=posixGroup)(uniqueMember=%s))" % member_dn
+        filter = "(&(objectClass=posixGroup)(member=%s))" % member_dn
 
         try:
             return self.__get_list(self.basedn, filter, sattrs, opts)
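Review bot: The search filter is still built with `%` interpolation, so its safety rests entirely on `__safe_filter`, whose body is outside this hunk. It is worth confirming that it escapes every RFC 4515 special character, and recording that dependency next to the format string, for example `# member_dn must stay RFC 4515-escaped: an unescaped '*' or ')' would change which groups match`. As a style point, the local name `filter` shadows the builtin; `search_filter` would avoid that. The enclosing method starts and ends outside the hunk.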
@@ -774,7 +774,7 @@ class IPAServer:
         entry = ipaserver.ipaldap.Entry(dn)
 
         # some required objectclasses
-        entry.setValues('objectClass', 'top', 'groupofuniquenames', 'posixGroup',
+        entry.setValues('objectClass', 'top', 'groupofnames', 'posixGroup',
                         'inetUser')
 
         # No need to explicitly set gidNumber. The dna_plugin will do this
@@ -880,12 +880,12 @@ class IPAServer:
         # check to make sure member_dn exists
         member_entry = self.__get_base_entry(member_dn, "(objectClass=*)", ['dn','uid'], opts)
 
-        if new_group.get('uniquemember') is not None:
-            if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
-                new_group['uniquemember'] = [new_group['uniquemember']]
-            new_group['uniquemember'].append(member_dn)
+        if new_group.get('member') is not None:
+            if ((isinstance(new_group.get('member'), str)) or (isinstance(new_group.get('member'), unicode))):
+                new_group['member'] = [new_group['member']]
+            new_group['member'].append(member_dn)
         else:
-            new_group['uniquemember'] = member_dn
+            new_group['member'] = member_dn
 
         try:
             ret = self.__update_entry(old_group, new_group, opts)
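Review bot: The block that turns a single-valued `member` into a list is copied verbatim in three places, here and in the hunks at -924 and -1161. The next schema change will therefore have to touch each copy, and can miss one, as this rename nearly demonstrates. A small private helper that returns the membership values as a list would keep the attribute name in one place. The double `isinstance` test can also be collapsed to `isinstance(new_group.get('member'), basestring)`. Separately, `append(member_dn)` runs without checking whether the DN is already in the list; whether a duplicate is rejected earlier cannot be seen from this hunk, since the method begins above it.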
@@ -924,11 +924,11 @@ class IPAServer:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
         new_group = copy.deepcopy(old_group)
 
-        if new_group.get('uniquemember') is not None:
-            if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
-                new_group['uniquemember'] = [new_group['uniquemember']]
-            try:
-                new_group['uniquemember'].remove(member_dn)
+        if new_group.get('member') is not None:
+            if ((isinstance(new_group.get('member'), str)) or (isinstance(new_group.get('member'), unicode))):
+                new_group['member'] = [new_group['member']]
+            try:
+                new_group['member'].remove(member_dn)
             except ValueError:
                 # member is not in the group
                 # FIXME: raise more specific error?
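Review bot: `new_group['member'].remove(member_dn)` compares DNs as exact strings, while LDAP treats DNs as equal regardless of case and of spacing around separators. A caller that passes a DN spelled differently from the stored value ends up in the `ValueError` branch, and the member stays in the group. For a removal path that is the unsafe direction to fail in, so both sides should be normalised before comparing. Until then the limitation should at least be documented, for example `# NOTE: exact string match; DNs that differ only in case or spacing are treated as non-members`. The `except` body and the rest of the method continue outside the hunk, so what the caller is told in that case is not visible here.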
@@ -1161,12 +1161,12 @@ class IPAServer:
         if group_dn is None:
             raise ipaerror.gen_exception(ipaerror.LDAP_NOT_FOUND)
 
-        if new_group.get('uniquemember') is not None:
-            if ((isinstance(new_group.get('uniquemember'), str)) or (isinstance(new_group.get('uniquemember'), unicode))):
-                new_group['uniquemember'] = [new_group['uniquemember']]
-            new_group['uniquemember'].append(group_dn['dn'])
+        if new_group.get('member') is not None:
+            if ((isinstance(new_group.get('member'), str)) or (isinstance(new_group.get('member'), unicode))):
+                new_group['member'] = [new_group['member']]
+            new_group['member'].append(group_dn['dn'])
         else:
-            new_group['uniquemember'] = group_dn['dn']
+            new_group['member'] = group_dn['dn']
 
         try:
             ret = self.__update_entry(old_group, new_group, opts)
