JR Aquino <jr.aqu...@citrix.com> wrote:
> This patch fixes the netgroup plugin's behavior of adding duplicate entries
> when the managed entry plugin creates a netgroup with a mepManagedEntry.
> This problem is documented in ticket:
> https://fedorahosted.org/freeipa/ticket/963
> 
> As noted by Endi for issue #3 in the History:
> "3. Just out of curiosity, I tried adding a netgroup with the same name as
> the hostgroup. I expected it to conflict with the managed netgroup, but it
> actually worked. Searching the directory will return 2 netgroups with the
> same name:"
> 
> Historically the netgroup plugin had inappropriately defined: rdn_attribute
> = 'ipauniqueid'. This caused the ability of duplication with the creation
> of native netgroups using the ipaUniqueId as the DN and as the Managed
> Entry netgroups utilizing the cn as the DN.
> 
> Patch includes adjustments for the netgroup plugin and corresponding
> test_netgroup_plugin
> 
> Please verify that the items requested in #963 are now complete and please
> confirm that the corresponding tests all pass.

One test fails:
FAIL: test_netgroup[30]: netgroup_remove_member: Remove netgroup u'netgroup2' 
from netgroup u'netgroup1'

Command ipa host-show still shows:
Member of netgroups: testhostgroup

Also, a little bit of nitpicking: I think the changed code in chunk 2 would
look better as something like this:

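# Build a sub-filter on the objectclass that marks managed entries.
search_kw = {}
search_kw['objectclass'] = ['mepManagedEntry']
if not options['private']:
    # Default: negate the sub-filter so managed netgroups are excluded.
    local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE)
else:
    # --private: require the mepManagedEntry objectclass.
    local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL)
# AND the sub-filter with the filter built so far.
filter = ldap.combine_filters((local_filter, filter), rules=ldap.MATCH_ALL)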

--
Jan
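
Added example (not part of the original mail and not FreeIPA code): a small in-memory model of why the rdn_attribute mismatch described in the quoted patch description lets two netgroups share a name, and what excluding mepManagedEntry from a search returns. The Directory class, the BASE suffix, the unique id and the demo helper are constructed for illustration, and the model assumes the server enforces uniqueness on the DN only.

```python
# Constructed model of the behaviour discussed in this thread; not FreeIPA code.
BASE = "cn=ng,cn=alt,dc=example,dc=com"  # constructed suffix


class Directory:
    """Minimal stand-in for an LDAP server: uniqueness is enforced on the DN only."""

    def __init__(self):
        self.entries = {}

    def add(self, dn, attrs):
        key = dn.lower()  # DNs compare case-insensitively
        if key in self.entries:
            raise ValueError("entry already exists: " + dn)
        self.entries[key] = attrs

    def search(self, cn, managed=None):
        """managed=None: every match; False: skip mepManagedEntry; True: only those."""
        hits = []
        for dn, attrs in self.entries.items():
            is_managed = "mepManagedEntry" in attrs["objectclass"]
            if attrs["cn"] == cn and (managed is None or managed == is_managed):
                hits.append(dn)
        return sorted(hits)


def native_dn(cn, rdn_attribute, unique_id):
    """DN a user-created netgroup would get for a given rdn_attribute setting."""
    value = unique_id if rdn_attribute == "ipauniqueid" else cn
    return "%s=%s,%s" % (rdn_attribute, value, BASE)


def demo(rdn_attribute, name="testhostgroup"):
    d = Directory()
    # Entry created by the managed entry plugin: always named by cn.
    d.add("cn=%s,%s" % (name, BASE),
          {"cn": name, "objectclass": ["ipanisnetgroup", "mepManagedEntry"]})
    try:
        # User-created netgroup with the same name (constructed unique id).
        d.add(native_dn(name, rdn_attribute, "0000-constructed-id"),
              {"cn": name, "objectclass": ["ipanisnetgroup"]})
        added = True
    except ValueError:
        added = False
    # (duplicate accepted?, matches by cn, matches by cn excluding managed entries)
    return added, len(d.search(name)), len(d.search(name, managed=False))


if __name__ == "__main__":
    print(demo("ipauniqueid"))  # differing RDN attributes: both entries coexist
    print(demo("cn"))           # same RDN attribute: the second add collides
```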

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
