[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] [PATCHES] 0016-17 Fixes for{add, set, del}attr with managed attributes



Petr Viktorin wrote:
On 02/27/2012 11:03 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
Patch 16 defers validation & conversion until after {add,del,set}attr is
processed, so that we don't search for an integer in a list of strings
(this caused ticket #2405), and so that the end result of these
operations is validated (#2407).


Patch 17 makes these options honor params marked no_create and
no_update.


https://fedorahosted.org/freeipa/ticket/2405
https://fedorahosted.org/freeipa/ticket/2407
https://fedorahosted.org/freeipa/ticket/2408

NACK on Patch 17 which breaks patch 16.

How is patch 16 broken? It works for me.

My point is they rely on one another, IMHO, so without 17 the reported problem still exists.


*attr is specifically made to be powerful. We don't want to arbitrarily
block updating certain values.

Noted

Not having patch 17 means that the problem reported in 2408 still
occurs. It should probably check both the schema and the param to
determine if something can have multiple values and reject that way.

I see the problem now: the certificate subject base is defined as a
multi-value attribute in the LDAP schema. If it's changed to
single-value the existing validation should catch it.

Also, most of the config attributes should probably be required in the
schema. Am I right?

I'm a newbie here; what do I need to do when changing the schema? Is
there a patch that does something similar I could use as an example?


The framework should be able to impose its own single-value will as well. If a Param is designated as single-value the *attr should honor it.

Updating schema is a bit of a nasty business right now. See 10-selinuxusermap.update for an example.

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]