[Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Pavel Zuna
pzuna at redhat.com
Wed Nov 18 13:03:20 UTC 2009
Rob Crittenden wrote:
> Pavel Zuna wrote:
>> Rob Crittenden wrote:
>>> Pavel Zuna wrote:
>>>> And here's the actual patch. :)
>>>>
>>>> Pavel Zuna wrote:
>>>>> This should fix the issue:
>>>>>
>>>>> Rob Crittenden wrote:
>>>>>> Michael Gregg wrote:
>>>>>>>
>>>>>>> Rob, did the support for posix groups change?
>>>>>>>
>>>>>>> If I create a group specifying "--posix" the cli does create the
>>>>>>> group.
>>>>>>> Then, using ipa group-find, I do not see any way to determine if
>>>>>>> that group is a posixgroup or not.
>>>>>>> group-find -all used to reveal a PosixGroup field.
>>>>>>>
>>>>>>> How do I determine if a group is a posix group or not?
>>>>>>>
>>>>>>> Michael-
>>>>>>
>>>>>> Ok, I suppose I could have looked at this before firing off an
>>>>>> e-mail :-)
>>>>>>
>>>>>> I do see the group number when showing a group:
>>>>>>
>>>>>> $ ./ipa group-show g9
>>>>>> -----------
>>>>>> group-show:
>>>>>> -----------
>>>>>> Group: g9
>>>>>> name: g9
>>>>>> description: test posix group
>>>>>> group id: 1117
>>>>>>
>>>>>> But when adding it this doesn't appear. Oddly enough we show the
>>>>>> ipquniqueid when adding a group but not when showing it!
>>>>>>
>>>>>> Pavel, do you have time to investigate this inconsistency?
>>>>>>
>>>>>> rob
>>>>>
>>>>> Pavel
>>>>>
>>>
>>> I'm not sure how this addresses the issue that when adding a group
>>> different values are returned than when you show one.
>> When an entry is created, we show the default attributes and all
>> attributes that were created explicitly. Before this patch, it was
>> just all attributes, that were created explicitly, so for example gid
>> didn't show up on groups, because it was created by the DNA plugin.
>>
>> When showing an entry, we return the default attributes.
>>
>> Should I change LDAPCreate to only return default attributes?
>
> No. I understand the problem now. I think in earlier versions we were
> actually doing a lookup of the entry after creation and returning that.
> This would resolve the problem.
We're still doing it the same way. Add, then lookup the entry we just created,
but when we lookup an entry, we have to specify a list of attributes we are
interested in.
Currently:
In *-show, we request LDAPObject.default_attributes.
In *-add, we request LDAPObject.default_attributes + attributes passed to add_entry.
Or all attributes in both, if --all was present.
>
>>> This also causes a whole ton of tests to fail. I think in baseldap.oy
>>> instead of:
>>>
>>> if options['all']:
>>>
>>> You want:
>>>
>>> if options.get('all', False):
>> Some of the tests were failing before this patch. I submitted a fix
>> for most of them.
>>
>> if options['all'] is fine, because --all is a Flag parameters and is
>> required.
>
> The service plugin overrides takes_options() in some cases, hence no
> 'all. Probably something to fix but we still should handle this case
> (all not in options).
Okey, I'll go the fail-safe way and assume 'all' might not be there.
takes_options in the service plugin need fixing.
>
> rob
Pavel
More information about the Freeipa-devel
mailing list