[Freeipa-devel] [PATCH] 0022 Use ipauniqueid for the RDN of sudo commands
Martin Kosek
mkosek at redhat.com
Mon Mar 12 12:26:57 UTC 2012
On Thu, 2012-03-08 at 16:57 +0100, Petr Viktorin wrote:
> Since sudo commands are case-sensitive, we can't use the CN as the RDN.
> With this patch, the UUID is used instead.
> It seems like a too easy fix. What am I missing?
>
> As far as I understand, the fact that the DN has a different structure
> now shouldn't cause problems, even if there still are commands created
> by old IPA versions.
> For testing, use an unpatched version to create a few of these.
>
> The sudo commands are no longer sorted in sudocmd-find output. Doing
> that would require the ability to use an arbitrary attribute as sort
> key. Should I file an issue for that?
I don't think that's necessary. We sort by LDAP object's primary key and
since new SUDO commands still have sudocmd as its primary key, the
sorting should just work (at least it does for me).
>
> Tests for the case sensitivity are included.
>
> https://fedorahosted.org/freeipa/ticket/2482
This works pretty fine. Both my old client tests and sudoers compat tree
tests looks good. So, cautious ACK from me.
Martin
More information about the Freeipa-devel
mailing list