[Freeipa-devel] [PATCH] admiyo-freeipa-0024-user-whoami.patch
Rob Crittenden
rcritten at redhat.com
Wed Sep 15 18:14:41 UTC 2010
Adam Young wrote:
> On 09/15/2010 11:31 AM, Adam Young wrote:
>> On 09/15/2010 09:42 AM, Rob Crittenden wrote:
>>> Adam Young wrote:
>>>> On 09/14/2010 05:57 PM, Rob Crittenden wrote:
>>>>> Adam Young wrote:
>>>>>> admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
>>>>>> missing return statement. It has been reverted. Here is the corrected
>>>>>> one.
>>>>>
>>>>> NACK.
>>>>>
>>>>> I think you want to use false for options.get:
>>>>> if options.get('whoami', False):
>>>>>
>>>>> Otherwise it will always return the whoami version.
>>>>
>>>> Doesn't seem to be working that way.
>>>>
>>>> If I kinit as kfrog:
>>>>
>>>> ipa user-find pdawn
>>>> --------------
>>>> 1 user matched
>>>> --------------
>>>> User login: pdawn
>>>> First name: Prairie
>>>> Last name: Dawn
>>>> Home directory: /home/pdawn
>>>> Login shell: /bin/sh
>>>> Groups: ipausers, muppets
>>>> ----------------------------
>>>> Number of entries returned 1
>>>>
>>>> [ayoung at ipa ~]$ ipa user-find
>>>> ---------------
>>>> 7 users matched
>>>> ---------------
>>>> ...
>>>>
>>>
>>> You're relying on the fact that the CLI always includes whoami in the
>>> options list. If whoami isn't sent it will default to True and return
>>> the wrong thing.
>> Setting it to false does not work:
>>
>> [root at ipa ~]# ipa user-find --whoami
>> ---------------
>> 0 users matched
>> ---------------
>> ----------------------------
>> Number of entries returned 0
>> ----------------------------
>>
>>>
>>>>>
>>>>> I'm not sure which is most efficient when building a string but it is
>>>>> easier to read the filter this way IMHO:
>>>>>
>>>>> return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
>>>>> util.get_current_principal()
>>>>
>>>> If you still NACK after the previous comment, I'll do the printf style.
>>>>
>>>>
>>>>>
>>>>> rob
>>>>
>>>
>>> rob
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
> Fixed. Problem was a typo in the filter.
ack
More information about the Freeipa-devel
mailing list