On 10/26/2010 11:21 PM, Simo Sorce wrote:
So, I have been working on this ipa_uuid plugin as of late and one of
the last tasks was to let it modify the RDN if ipaUniqueID is part of
the DN of an entry we want to create.

dn: ipauniqueid=autogenerate,cn=hbac,dc=...
cn: foo rule
hbactype: allow

'autogenerate' is the magic value that makes the ipa_uuid plugin
generate a uuid and set it on the entry.

The problem is that LDAPCreate, after adding the entry will try to
search it back immediately using the DN we passed in. This search will
fail as the DN that is stored in LDAP is different (it has the
generated uuid instead of 'autogenerate').

So ideas on how to gracefully handle this are welcome.

I discussed of 2 with Rob on IRC but we'd like more inputs (Pavel, that
would be directed at you :-).

1. Ignore the error in calls that pass in a DN containing ipauniqueid
as the RDN and perform a new search.

2. modify LDAPCreate so that we can pass in a filter. If the caller
passes in a filter we use that instead of the DN to search the entry


I'm not up to speed on this code. Why do a find right  after create?

