[Freeipa-devel] [PATCHES] 0558-0561 Read ACI fixes
Martin Kosek
mkosek at redhat.com
Thu May 29 08:03:34 UTC 2014
On 05/28/2014 03:40 PM, Petr Viktorin wrote:
> Hello,
> Some of IPA plugins assume that everyone has access to everything. Here are
> some fixes for that.
>
> Patch 0560 adds a new permission for the UPG Definition, which is required to
> add users correctly.
558:
Crash is now removed, though I am thinking that the output may be confusing for
users as there is no output:
# ipa krbtpolicy-show
# echo $?
0
I need to use --all to see anything:
# ipa krbtpolicy-show --all
dn: cn=MKOSEK-FEDORA20.TEST,cn=kerberos,dc=mkosek-fedora20,dc=test
cn: MKOSEK-FEDORA20.TEST
objectclass: krbrealmcontainer, top, krbticketpolicyaux
Would it make sense to raise ACIError if user cannot any Kerberos policy
attributes?
559: ACK
560: ACK
561:
functionally works fine, tested with migrate-ds. When looking at the code,
would it make sense to replace this section:
+ disable_attr = '(objectclass=disable)'
+ org_filter = upg_entries[0].single_value['originfilter']
+ return not re.search(r'%s' % disable_attr, org_filter)
with
+ origin_filter = upg_entries[0].single_value['originfilter']
+ return '(objectclass=disable)' not in origin_filter
I am not sure why RE is used in this case at all.
Martin
More information about the Freeipa-devel
mailing list