[Freeipa-devel] RFC wrt little snag in LDAPCreate when ipa_uuid manipulates the DN on entry add
Adam Young
ayoung at redhat.com
Wed Oct 27 13:35:17 UTC 2010
On 10/26/2010 11:21 PM, Simo Sorce wrote:
> So, I have been working on this ipa_uuid plugin as of late and one of
> the last tasks was to let it modify the RDN if ipaUniqueID is part of
> the DN of an entry we want to create.
>
> Example:
> dn: ipauniqueid=autogenerate,cn=hbac,dc=...
> cn: foo rule
> hbactype: allow
> ...
>
> 'autogenerate' is the magic value that makes the ipa_uuid plugin
> generate a uuid and set it on the entry.
>
> The problem is that LDAPCreate, after adding the entry will try to
> search it back immediately using the DN we passed in. This search will
> fail as the DN that is stored in LDAP is different (it has the
> generated uuid instead of 'autogenerate').
>
> So ideas on how to gracefully handle this are welcome.
>
> I discussed of 2 with Rob on IRC but we'd like more inputs (Pavel, that
> would be directed at you :-).
>
> 1. Ignore the error in calls that pass in a DN containing ipauniqueid
> as the RDN and perform a new search.
>
> 2. modify LDAPCreate so that we can pass in a filter. If the caller
> passes in a filter we use that instead of the DN to search the entry
> back.
>
> Simo.
>
>
I'm not up to speed on this code. Why do a find right after create?
More information about the Freeipa-devel
mailing list