Dne 23.1.2012 16:24, Martin Kosek napsal(a):
On Mon, 2012-01-23 at 11:14 +0100, Jan Cholasta wrote:
Dne 20.1.2012 21:15, Rob Crittenden napsal(a):
macaddress is a multi-valued attribute and we allow multiple entries.
This is from the objectclass ieee802device. This is added manually when
doing a mod or add and not as a default to support existing host entries
that do not have this objectclass. If this were added to the defaults
then existing hosts missing this objectclass would not be found by
host-find.

It is possible to get ethers data out of nss by configuring
nsswitch.conf to use ldap for ethers and running getent ethers<hostname>

I tested nslcd and it only returned one macaddress value. I don't know
if this is a deficiency in nslcd or expected behavior.

https://fedorahosted.org/freeipa/ticket/1132

rob


@@ -442,6 +448,7 @@ class host_add(LDAPCreate):
               x509.verify_cert_subject(ldap, keys[-1], cert)
               entry_attrs['usercertificate'] = cert
           entry_attrs['managedby'] = dn
+        entry_attrs['objectclass'].append('ieee802device')
           return dn

       def post_callback(self, ldap, dn, entry_attrs, *keys, **options):

Why do you add the objectclass here instead of adding it to host
plugin's object_class attribute?

Honza


As Rob pointed out, old host records without ieee802device objectclass
wouldn't then be matched in host-find command.

Whoops, I have missed that. Anyway, it's good to know that, I might have to fix my SSH patches.


I checked the patch and it looks ok. I have just 3 minor issues:

1) As you didn't specify the param with csv=True its values cannot be
entered in a comma-separated list. I think we can enable this feature
for MAC Address

2) I would fix capitalization of label of macaddress. A second word in a
label is lowercase in other params.

3) I think we may want to implement a normalizer for MAC address which
would make it either lowercase or uppercase so that we provide results
with consistent case.

Martin


Honza

--
Jan Cholasta

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to