On 11/01/2013 03:26 PM, Petr Viktorin wrote:
> On 09/13/2013 06:44 PM, Petr Viktorin wrote:
>> On 08/01/2013 04:52 PM, Petr Viktorin wrote:
>>> Hello,
>>> With these patches, schema updates will be based on the ldif files we
>>> use for installation.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3454
>>>
>>> This is a RFE, here is the design doc:
>>> http://www.freeipa.org/page/V3/Improved_schema_updater
>>>
>>
>> I found and filed a bug in python-ldap[0]: it sometimes ignores parts of
>> schema LDIFs when parsing them.
>> Patch 0275 works around the bug. Please apply on top of 0258-0265 (they
>> still apply cleanly).
>>
>>
>> [0] https://bugzilla.redhat.com/show_bug.cgi?id=1007820
>>
>
> The recent ipaldap patches resulted in a small conflict. Attaching rebased
> patches.
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-devel

I have tested the patches and overall they seem to work fine. Some questions/comments are below.

Patch 258:

You catch `ldap.LOCAL_ERROR` in the `connect()` function, which is called from `__init__()`, so no need to catch it again in `__init__()`.

Patch 259: ACK

Patch 260:

> # Usually the modlist order does not matter.
> # However, for schema updates, we want 'attributetypes' before
> # 'objectclasses'.
> # A simple sort will ensure this.
> modlist.sort()

Since `modlist` is a list of tuples, it is sorted by the first elements in the tuples, then by the second elements, etc. Which means the resulting list will be sorted by the modification type first (`MOD_ADD`, `MOD_DELETE`, etc), and by `attributetypes`/`objectclasses` second. Was this the desired effect?

Patch 261:

Man page updates look good, but several options in the man page have 3 dashes in the long form instead of 2. I have attached a mini-patch that fixes this along with a couple of typos in the man page. Feel free to squash it to your patch 261.

Patch 262:

Whitespace warnings.

In `60-trusts.update` there are still some `replace:attributeTypes:` lines. Can those be removed safely?

Patch 263:

+    if not force_replace:
+        modlist.append((ldap.MOD_DELETE, key, removes))
+    elif new_values == []: # delete an empty value
+        modlist.append((ldap.MOD_DELETE, key, removes))

can be combined into one:

+    if not force_replace or not new_values:
+        modlist.append((ldap.MOD_DELETE, key, removes))

Patch 264: ACK

Patch 265: ACK

Patch 275: ACK

--
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

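The ordering raised in the Patch 260 comment above, as an added example (not code from the patches or from FreeIPA). The `MOD_*` constants mirror python-ldap's values so it runs without the library; the modlist, its OIDs and the `attribute_first_order` helper are constructed for illustration.

```python
# Values mirror python-ldap's ldap.MOD_ADD / MOD_DELETE / MOD_REPLACE,
# defined here so the example runs without the library installed.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# Constructed schema modlist (OIDs under the 2.999 example arc), deliberately
# out of order: (modification type, attribute name, values).
SAMPLE_MODLIST = [
    (MOD_ADD, "objectclasses", [b"( 2.999.2 NAME 'exClass' MAY ( exAttr ) )"]),
    (MOD_DELETE, "objectclasses", [b"( 2.999.2 NAME 'exClass' )"]),
    (MOD_ADD, "attributetypes", [b"( 2.999.1 NAME 'exAttr' )"]),
    (MOD_DELETE, "attributetypes", [b"( 2.999.3 NAME 'oldAttr' )"]),
]

# Hypothetical rank table for the alternative ordering below.
ATTR_RANK = {"attributetypes": 0, "objectclasses": 1}


def plain_sort_order(modlist):
    """Order produced by modlist.sort(): tuples compare element by element,
    so the modification type decides first and the attribute name second."""
    return [(op, attr) for op, attr, _values in sorted(modlist)]


def attribute_first_order(modlist):
    """Hypothetical alternative: the attribute name decides first, so every
    'attributetypes' change precedes every 'objectclasses' change."""
    def key(mod):
        op, attr, _values = mod
        return (ATTR_RANK.get(attr.lower(), len(ATTR_RANK)), op)
    return [(op, attr) for op, attr, _values in sorted(modlist, key=key)]


if __name__ == "__main__":
    names = {MOD_ADD: "MOD_ADD", MOD_DELETE: "MOD_DELETE",
             MOD_REPLACE: "MOD_REPLACE"}
    for title, order in (("modlist.sort()", plain_sort_order(SAMPLE_MODLIST)),
                         ("attribute first", attribute_first_order(SAMPLE_MODLIST))):
        print(title)
        for op, attr in order:
            print("   ", names[op], attr)
```

The two orders differ only when the modlist mixes modification types, which is the case the question is about.
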
From 217dcf77de67150e255a9abde07ea080168ac311 Mon Sep 17 00:00:00 2001 From: Ana Krivokapic <[email protected]> Date: Wed, 6 Nov 2013 18:33:33 +0100 Subject: [PATCH] ipa-ldap-updater man page fixes --- install/tools/man/ipa-ldap-updater.1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1 index c79721f1925f4c52ef4b41da7a540e9f0a8d5743..79cc316501512879fa39ba4c15fd898b976eb25e 100644 --- a/install/tools/man/ipa-ldap-updater.1 +++ b/install/tools/man/ipa-ldap-updater.1 @@ -47,7 +47,7 @@ Values is a comma\-separated field so multi\-values may be added at one time. Do The difference between the default and add keywords is if the DN of the entry exists then default is ignored. So for updating something like schema, which will be under cn=schema, you must always use add (because cn=schema is guaranteed to exist). It will not re\-add the same information again and again. -It alsos provide some things that can be templated such as architecture (for plugin paths), realm and domain name. +It also provides some things that can be templated such as architecture (for plugin paths), realm and domain name. The available template variables are: @@ -63,8 +63,8 @@ A few rules: 1. Only one rule per line 2. Each line stands alone (e.g. an only followed by an only results in the last only being used) - 3. adding a value that exists is ok. The request is ignored, duplicate values are not added - 4. removing a value that doesn't exist is ok. It is simply ignored. + 3. Adding a value that exists is ok. The request is ignored, duplicate values are not added + 4. Removing a value that doesn't exist is ok. It is simply ignored. 5. If a DN doesn't exist it is created from the 'default' entry and all updates are applied 6. If a DN does exist the default values are skipped 7. Only the first rule on a line is respected 
@@ -90,19 +90,19 @@ File containing the Directory Manager password \fB\-l\fR, \fB\-\-ldapi\fR Connect to the LDAP server using the ldapi socket .TP -\fB\-p\fR, \fB\-\-\-plugins\fR +\fB\-p\fR, \fB\-\-plugins\fR Execute update plugins as well as any update files. There is no way to execute only the plugins. .TP -\fB\-u\fR, \fB\-\-\-upgrade\fR +\fB\-u\fR, \fB\-\-upgrade\fR Upgrade an installed server in offline mode (implies \-\-ldapi, \-\-plugins, and \-\-schema) .TP -\fB\-W\fR, \fB\-\-\-password\fR +\fB\-W\fR, \fB\-\-password\fR Prompt for the Directory Manager password .TP -\fB\-s\fR, \fB\-\-\-schema\fR +\fB\-s\fR, \fB\-\-schema\fR Also update the LDAP schema. If no \-\-schema-file is specified, update to the built-in IPA schema. .TP -\fB\-S\fR, \fB\-\-\-schema\-file\fR +\fB\-S\fR, \fB\-\-schema\-file\fR Specify a schema file. May be used multiple times. Implies \-\-schema. .SH "EXIT STATUS" 0 if the command was successful -- 1.8.3.1
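
Review bot: in the "A few rules" hunk (@@ -63,8 +63,8), rule 3 is now capitalized but still ends without a period and joins two sentences with a comma ("The request is ignored, duplicate values are not added"), while rule 4 directly below it ends with a period. Since both lines are already being touched, consider "The request is ignored; duplicate values are not added." so the two rules read consistently.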
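
Review bot: in the options hunk (@@ -90,19 +90,19), the unchanged description under `\-\-schema` still writes `\-\-schema-file` with an unescaped hyphen, while the corrected heading a few lines later uses `\-\-schema\-file`. Escaping it there as well keeps the option name rendered the same way in both places. The `\-S`, `\-\-schema\-file` heading also shows no argument placeholder even though its description says it specifies a schema file, so a placeholder after the long option would make the usage clearer.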
