[Freeipa-devel] Re: [PATCH] Fix bug in HBAC and netgroup plugin get_primary_key_from_dn methods.
Pavel Zuna
pzuna at redhat.com
Thu Oct 8 11:05:14 UTC 2009
Rob Crittenden wrote:
> Pavel Zuna wrote:
>> The method was returning tuples instead of strings in both plugins
>> causing a mess in other plugins, when displaying netgroup/HBAC
>> information.
>>
>> Pavel
>
> Assuming that the primary key doesn't exist, what meaning does returning
> '' have? For these 2 plugins shouldn't it always have a primary key?
>
> rob
In most plugins, retrieving the primary key from DN is easy, because it is part
of the DN (RDN attribute == primary key attribute). With netgroups and HBAC it
is a bit more complicated, because the RDN attribute is 'ipauniqueid' and the
primary key is 'cn' - we have to do a search to retrieve it. If the search fails
for some reason (someone deletes the entry in parallel for example), we return
an empty string, which is fail-safe.
Pavel
More information about the Freeipa-devel
mailing list