On Fri, 23 May 2014, Jan Cholasta wrote:
On 22.5.2014 16:21, Nathaniel McCallum wrote:
I still need a review on this.

On Wed, 2014-05-07 at 10:06 -0400, Nathaniel McCallum wrote:
On Wed, 2014-05-07 at 15:54 +0200, Petr Vobornik wrote:
On 6.5.2014 17:07, Nathaniel McCallum wrote:
On Tue, 2014-05-06 at 16:11 +0200, Jan Cholasta wrote:
On 6.5.2014 15:16, Nathaniel McCallum wrote:
On Tue, 2014-05-06 at 13:46 +0200, Jan Cholasta wrote:
Hi,

On 5.5.2014 18:40, Nathaniel McCallum wrote:
Creating tokens for yourself is the most common operation. Making this
the default optimizes for the common case.

The user-find call should be inside the if statement.

This is actually for a reason. See my patch 0049 for further context.

IMO something like this would be better:

      if 'ipatokenowner' not in entry_attrs or 'ipatokenprotected' not in entry_attrs:
          result = self.api.Command.user_find(whoami=True)['result']
          if result:
              cur_uid = result[0]['uid'][0]
              prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
              if cur_uid != prev_uid:
                  entry_attrs.setdefault('ipatokenprotected', True)

Fixed (see also my new revision of patch 0049).

Nathaniel


I assume that this won't allow creating a token without an owner. Do we
want to have this restriction?

Use case: import a batch of hw tokens

This case is currently very much on my radar (I'm finishing the import
script now). To set no owner, just use --owner="". We are testing for
key presence here, not the value of the key. So if the key is present
with an empty value, no owner will be set.

FYI, the import format (RFC 6030) also permits a mechanism for declaring
ownership in DN format.

Nathaniel

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


ACK.

Pushed to master
* db7d0219bac72daa270ee28d5db5c18ea41fb8b1 Default the token owner to the person adding the token


--
/ Alexander Bokovoy
