Rob Crittenden wrote:
Jakub Hrozek wrote:
On Sat, Feb 19, 2011 at 11:47:45PM -0500, Rob Crittenden wrote:
This creates a new custom attribute, memberofindirect_[plugin].
Using this you can tell the difference between being an actual
memberof another entry and being a memberof as the result if
inheritence. This is particularly useful when trying to remove
members of an entry, you can only remove direct members.

I had to add a couple of short sleep calls to make things work a
little better. The memberof plugin runs as a postop and we have no
way of knowing when it has done its work. If we don't pause we may
show some stale data that memberof hasn't updated yet. .3 seconds is
an arbitrary choice.


I don't know the DS plugin architecture good enough but there's no
callback or anything we can hook to? If the machine swaps or something,
we might get incorrect data with the sleep anyway..

The ticket has an excellent test case for this. Similar tests can be
done for users/groups and hosts/hostgroups.

ticket 966

rob


The testcase is failing for me:
test_group[13]: hostgroup_add: Create u'testhostgroup1' ... FAIL
test_group[14]: hostgroup_add: Create u'testhostgroup2' ... FAIL

It seems that the objectlasses should be updated:
expected = [u'ipaobject', u'ipahostgroup', u'nestedGroup',
u'groupOfNames', u'top']
got = [u'ipaobject', u'ipahostgroup', u'nestedGroup', u'groupOfNames',
u'top', u'mepOriginEntry']

Oh, that's because we create the netgroup now. Strange that I didn't see
that, I just redid my base install on Thursday. I'll update that and
give it another go.

rob

Updated patch

rob

Attachment: freeipa-rcrit-734-2-indirect.patch
Description: application/mbox

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to