On Wed, 2012-02-08 at 08:22 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Tue, 2012-02-07 at 16:31 -0500, Rob Crittenden wrote:
> >> Petr Viktorin wrote:
> >>> On 02/07/2012 01:52 PM, Petr Viktorin wrote:
> >>>> Honor the default home directory base when creating a new user. Test
> >>>> included. I also cleaned up the way home directory was created.
> >>>>
> >>>> This patch removes the default from the --homedirectory option, letting
> >>>> the server fill it in pre_callback. If I'm reading this correctly,
> >>>> default_from and create_default run on the client-side, so they can't
> >>>> get to the config without round-tripping to the server.
> >>>>
> >>>> https://fedorahosted.org/freeipa/ticket/2332
> >>>>
> >>>> Also, I've cleaned up the home directory generation to use
> >>>> posixpath.join instead of '%s/%s' and ad-hoc cleanup. This should be
> >>>> more robust. (It will also behave differently if the username starts
> >>>> with '/' or maybe similar cases of the user asking for trouble.)
> >>>>
> >>>> A question: Do we want to use posixpath here, or os.path? Put another
> >>>> way, should the home directories separated by '\' if the server runs on
> >>>> Windows?
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Freeipa-devel mailing list
> >>>> Freeipa-devel@redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> >>>
> >>> Martin told me I need to make two changes: remove autofill along with
> >>> default_from, and since I have touched the API, update API.txt.
> >>>
> >>> Attaching the updated patch.
> >>
> >> This works well. I noticed that the default shell has the same problem.
> >>
> >> I wonder if we should roll that similar change in or open a separate 
> >> ticket.
> >>
> >> rob
> >
> > Hm, default shell works for me:
> >
> > # ipa config-mod --defaultshell=/bin/bash
> > # ipa user-add --first=Foo --last=Bar fbar2
> > ------------------
> > Added user "fbar2"
> > ------------------
> >    User login: fbar2
> >    First name: Foo
> >    Last name: Bar
> >    Full name: Foo Bar
> >    Display name: Foo Bar
> >    Initials: FB
> >    Home directory: /home/fbar2
> >    GECOS field: Foo Bar
> >    Login shell: /bin/bash<<<<  config is honored
> >    Kerberos principal: fb...@idm.lab.bos.redhat.com
> >    UID: 480800097
> >    GID: 480800097
> >    Password: False
> >    Member of groups: ipausers
> >    Kerberos keys available: False
> 
> Odd, I did exactly the same thing and got the wrong shell.
> 
> > Oh, one more thing that came up to my mind when testing config plugin.
> > Rob, why do we have config params as optional? We don't expect that the
> > config attribute is missing in LDAP and IPA crashes in such cases (as in
> > ticket 2159). IMO they should all be required.
> 
> So that on a mod you don't have to provide all values. I think we need a 
> non-empty option.
> 
> rob

mod operation does not require all required options to be passed. You
can simply update just one (required) attribute, it just must not be set
to None - which is exactly what we want:

# ipa config-mod --searchrecordslimit=
ipa: ERROR: 'ipasearchrecordslimit' is required
# ipa config-mod --searchrecordslimit=150
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/bash
  Default users group: ipausers
  Default e-mail domain: idm.lab.bos.redhat.com
  Search time limit: 2
  Search size limit: 150
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O=IDM.LAB.BOS.REDHAT.COM
  Password Expiration Notification (days): 4
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0-s0:c0.c1023
$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: guest_u:s0

You can verify it with the attached testing patch. If you agree, I will
create a new ticket to do this change and send a proper official patch
for that.

Martin
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index 0c238ac..85b975f 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -96,93 +96,93 @@ class config(LDAPObject):
     label_singular = _('Configuration')
 
     takes_params = (
-        Int('ipamaxusernamelength?',
+        Int('ipamaxusernamelength',
             cli_name='maxusername',
             label=_('Maximum username length'),
             minvalue=1,
         ),
-        IA5Str('ipahomesrootdir?',
+        IA5Str('ipahomesrootdir',
             cli_name='homedirectory',
             label=_('Home directory base'),
             doc=_('Default location of home directories'),
         ),
-        Str('ipadefaultloginshell?',
+        Str('ipadefaultloginshell',
             cli_name='defaultshell',
             label=_('Default shell'),
             doc=_('Default shell for new users'),
         ),
-        Str('ipadefaultprimarygroup?',
+        Str('ipadefaultprimarygroup',
             cli_name='defaultgroup',
             label=_('Default users group'),
             doc=_('Default group for new users'),
         ),
-        Str('ipadefaultemaildomain?',
+        Str('ipadefaultemaildomain',
             cli_name='emaildomain',
             label=_('Default e-mail domain'),
             doc=_('Default e-mail domain'),
         ),
-        Int('ipasearchtimelimit?', validate_searchtimelimit,
+        Int('ipasearchtimelimit', validate_searchtimelimit,
             cli_name='searchtimelimit',
             label=_('Search time limit'),
             doc=_('Maximum amount of time (seconds) for a search (> 0, or -1 for unlimited)'),
             minvalue=-1,
         ),
-        Int('ipasearchrecordslimit?',
+        Int('ipasearchrecordslimit',
             cli_name='searchrecordslimit',
             label=_('Search size limit'),
             doc=_('Maximum number of records to search (-1 is unlimited)'),
             minvalue=-1,
         ),
-        IA5Str('ipausersearchfields?',
+        IA5Str('ipausersearchfields',
             cli_name='usersearch',
             label=_('User search fields'),
             doc=_('A comma-separated list of fields to search in when searching for users'),
         ),
-        IA5Str('ipagroupsearchfields?',
+        IA5Str('ipagroupsearchfields',
             cli_name='groupsearch',
             label='Group search fields',
             doc=_('A comma-separated list of fields to search in when searching for groups'),
         ),
-        Bool('ipamigrationenabled?',
+        Bool('ipamigrationenabled',
             cli_name='enable_migration',
             label=_('Enable migration mode'),
             doc=_('Enable migration mode'),
         ),
-        Str('ipacertificatesubjectbase?',
+        Str('ipacertificatesubjectbase',
             cli_name='subject',
             label=_('Certificate Subject base'),
             doc=_('Base for certificate subjects (OU=Test,O=Example)'),
             flags=['no_update'],
         ),
-        Str('ipagroupobjectclasses*',
+        Str('ipagroupobjectclasses+',
             cli_name='groupobjectclasses',
             label=_('Default group objectclasses'),
             doc=_('Default group objectclasses (comma-separated list)'),
             csv=True,
         ),
-        Str('ipauserobjectclasses*',
+        Str('ipauserobjectclasses+',
             cli_name='userobjectclasses',
             label=_('Default user objectclasses'),
             doc=_('Default user objectclasses (comma-separated list)'),
             csv=True,
         ),
-        Int('ipapwdexpadvnotify?',
+        Int('ipapwdexpadvnotify',
             cli_name='pwdexpnotify',
             label=_('Password Expiration Notification (days)'),
             doc=_('Number of days\'s notice of impending password expiration'),
             minvalue=0,
         ),
-        Str('ipaconfigstring?',
+        Str('ipaconfigstring',
             cli_name='ipaconfigstring',
             label=_('Password plugin features'),
             doc=_('Extra hashes to generate in password plug-in'),
             flags=['no_update'],
         ),
-        Str('ipaselinuxusermaporder?',
+        Str('ipaselinuxusermaporder',
             label=_('SELinux user map order'),
             doc=_('Order in increasing priority of SELinux users, delimited by $'),
         ),
-        Str('ipaselinuxusermapdefault?',
+        Str('ipaselinuxusermapdefault',
             label=_('Default SELinux user'),
             doc=_('Default SELinux user when no match is found in SELinux map rule'),
         ),
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to