[Freeipa-devel] [PATCH] 142 Improve default user/group object class validation
Alexander Bokovoy
abokovoy at redhat.com
Tue Oct 11 09:01:22 UTC 2011
On Tue, 11 Oct 2011, Martin Kosek wrote:
> @@ -212,6 +216,24 @@ class config_mod(LDAPUpdate):
> raise errors.ValidationError(
> name=k, error='attribute "%s" not allowed' % a
> )
Could you please also (in a separate patch) fix the above and others
by adding translations? Other exception messages in
plugins/config.py are designed to be used for user interactions but
this one is not localized.
> +
> + for (attr, obj) in (('ipauserobjectclasses', 'user'),
> + ('ipagroupobjectclasses', 'group')):
> + if attr in entry_attrs:
> + objectclasses = entry_attrs[attr] + self.api.Object[obj].possible_objectclasses
would it make sense to do sort(set(objectclasses)) to get unique list
before using it further? Just a thought. get_allowed_attributes() will
go to LDAP's schema to consult about the attributes and it seems to me
we'd better not to do this multiple times for the same.
> + new_allowed_attrs = ldap.get_allowed_attributes(objectclasses,
> + raise_on_unknown=True)
> + checked_attrs = self.api.Object[obj].default_attributes
> + if self.api.Object[obj].uuid_attribute:
> + checked_attrs.append(self.api.Object[obj].uuid_attribute)
> + for obj_attr in self.api.Object[obj].default_attributes:
Shouldn't this be checked_attrs?
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list