[Freeipa-devel] [PATCH] 361 ipa-adtrust-install should ask for SID generation

[Alexander Bokovoy]

On Thu, 31 Jan 2013, Martin Kosek wrote:
>On 01/31/2013 04:29 PM, Alexander Bokovoy wrote:
>> On Thu, 31 Jan 2013, Martin Kosek wrote:
>>> When ipa-adtrust-install is run, check if there are any objects
>>> that need to have SID generated. If yes, interactively ask the user
>>> if the sidgen task should be run.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3195
>>
>...
>> I would still run this check in options.unattended mode and reported
>> warning, for accounting purposes.
>>
>> Could you please make so?
>>
>
>Sure! Updated patch attached.
Thanks! I have only small addition:

>+            object_count = len(entries)
>+            if object_count > 0:
>+                print ""
>+                print "WARNING: %d existing users or groups do not have a SID identifier assigned." \
>+                    % len(entries)
>+                print "Installer can run a task to have ipa-sidgen Directory Server plugin generate"
>+                print "the SID identifier for all these users. Please note, the in case of a high"
>+                print "number of users and groups, the operation might lead to high replication"
>+                print "traffic and performance degradation. Refer to ipa-adtrust-install(1) man page"
>+                print "for details."
>+                print ""
>+                if not options.unattended:
>+                    if ipautil.user_input("Do you want to run the ipa-sidgen task?", default=False,
>+                        allow_empty=False):
>+                        options.add_sids = True
... to make the text of warning consistent it would be good to add
+                 else:
+                     print "Unattended mode was selected, installer will *not* run ipa-sidgen task!"

-- 
/ Alexander Bokovoy