On 09/15/2010 09:42 AM, Rob Crittenden wrote:
Adam Young wrote:
On 09/14/2010 05:57 PM, Rob Crittenden wrote:
Adam Young wrote:
admiyo-freeipa-0024-user-whoami.patch broke the user-find, due to a
missing return statement. It has been reverted. Here is the corrected


I think you want to use false for options.get:
if options.get('whoami', False):

Otherwise it will always return the whoami version.

Doesn't seem to be working that way.

If I kinit as kfrog:

ipa user-find pdawn
1 user matched
User login: pdawn
First name: Prairie
Last name: Dawn
Home directory: /home/pdawn
Login shell: /bin/sh
Groups: ipausers, muppets
Number of entries returned 1

[ayo...@ipa ~]$ ipa user-find
7 users matched

You're relying on the fact that the CLI always includes whoami in the options list. If whoami isn't sent it will default to True and return the wrong thing.
Setting it to false does not work:

[r...@ipa ~]# ipa user-find --whoami
0 users matched
Number of entries returned 0

I'm not sure which is most efficient when building a string but it is
easier to read the filter this way IMHO:

return "(&(objectclass=posixaccount)(krbprincipalname=%s))"%\

If you still NACK after the previous comment, I'll do the printf style.



