[Freeipa-devel] [PATCH] Add new pwpolicy plugin based on baseldap classes.

Pavel Zuna pzuna at redhat.com
Fri Mar 19 15:34:55 UTC 2010


Last week, I spent a good amount of time investigating the way we 
build/normalize DNs. Most issues that came up recently originated in the 
password policy plugin as it needed specially crafted DNs for class of service 
(CoS) entries. As I was playing around with it, I decided to rewrite it, so that 
it blends with all the other "baseldap plugins" we have.

I didn't want to override Rob's original pwpolicy plugin right away, so I named 
it pwpolicy2, so that we can have both plugins available for now.

pwpolicy2 includes all functionality the original plugin had including the 
latest changes like priority uniqueness etc. There is a small interface change - 
group names are entered as the first positional argument. If no group is 
specified, the plugin assumes the global password policy. It supports 
--all/--raw and has fine-grained searching capabilities (the original plugin was 
only able to return all policies). It also shows priority when displaying policies.

There are a lot of technical changes. It's a complete rewrite. Everything is 
based on baseldap classes, so the code should be a bit simpler and command 
behavior more consistent with other plugins. CoS objects are modeled separately 
and have their own CRUD commands. I flagged the CoS commands as INTERNAL (see my 
recent patch), so that users aren't able to access CoS entries directly, but 
pwpolicy2 can take advantage of our plugin infrastructure to manage them. I 
think this is a good example of how internal plugins are useful. It's also very 
handy for testing: you can just remove the INTERNAL flag and use 
`ipa cosentry-find --all --raw` to check if the entries were 
created/modified/whatever correctly.

Unit test included.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Add-new-pwpolicy-plugin-based-on-baseldap-classes.patch
Type: application/mbox
Size: 18724 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100319/f6980c97/attachment.mbox>

