On Tue, 2012-04-03 at 15:22 +0200, Ondrej Hamada wrote: > On 04/03/2012 12:22 PM, Ondrej Hamada wrote: > > https://fedorahosted.org/freeipa/ticket/2447 > > > > Validation of external member was failing for empty strings because > > of > > wrong condition. > > > > > > > > _______________________________________________ > > Freeipa-devel mailing list > > Freeipa-devel@redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > Used clearer solution. Thanks to Rob for advice.
ACK for this patch fixing empty --hosts, --users, etc. options. We just need to triage the second issue found during testing - an ability to set invalid external* attribute value with --setattr or --addattr options. I see 2 ways to fix that: 1) Ugly fix: Call a similar precallback in all affected *-mod commands where --addattr or --setattr could be used (netgroup-mod, sudorule-mod, etc.) which would specifically validate external* attribute values. 2) Nice fix: - create a param for external hosts, users to the respective LDAPOobjects - netgroup, sudorule, etc. and implement proper validators for them. These params would not be visible for users or cloned for Commands. Most code from Ondra's original patch 16 could be re-used - update Ondra's precallback to use these params for validation - update --setattr and --addattr param processing to consider also these params that exist only in LDAPObject and not in Command I think it would be OK to just create a ticket for the second issue and close ticket #2447 with Ondra's patch 20-2 as is. The new ticket could be targeted for next release as there are more changes needed, including fixes in --setattr and --addattr processing. I don't think this issue has a high impact, setting external* attribute values via --setattr is not really a standard procedure. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel