[Freeipa-devel] [PATCH] 0002 User Life Cycle: Exclude subtree for ipaUniqueID generation

Fri, 08 Aug 2014 03:16:30 -0700 

Hi,
The attached patch is the second patch related to 'User Life Cycle' (https://fedorahosted.org/freeipa/ticket/3813) 


It allows to prevent IPA UUID DS plugin to generate ipaUniqueID for 
'Stage' users 
(http://www.freeipa.org/page/V4/User_Life-Cycle_Management#IPA_UUID_plugin)


Thanks
thierry

From 1a93acc98fdd584514d65751a7058b6395d58494 Mon Sep 17 00:00:00 2001
From: "Thierry bordaz (tbordaz)" <tbor...@redhat.com>
Date: Fri, 8 Aug 2014 09:37:23 +0200
Subject: [PATCH] User Life Cycle: Exclude subtree for ipaUniqueID generation

Bug Description:
	IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'

Fix Description:
	Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'

Reviewed by: ?

Platforms tested: F20

Flag Day: no

Doc impact: no

https://fedorahosted.org/freeipa/ticket/3813
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index 2b07de45b63dab36a0b7167e3583e88ebd07f6f7..9a1eaede84426397387ef66e80b22b6e8dea88ed 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -64,6 +64,7 @@
 #define IPAUUID_GENERATE         "ipaUuidMagicRegen"
 #define IPAUUID_FILTER           "ipaUuidFilter"
 #define IPAUUID_SCOPE            "ipaUuidScope"
+#define IPAUUID_EXCLUDE_SUBTREE  "ipaUuidExcludeSubtree"
 #define IPAUUID_ENFORCE          "ipaUuidEnforce"
 
 #define IPAUUID_FEATURE_DESC      "IPA UUID"
@@ -91,6 +92,7 @@ struct configEntry {
     Slapi_Filter *slapi_filter;
     char *generate;
     char *scope;
+    char *exclude_subtree;
     bool enforce;
 };
 
@@ -536,6 +538,10 @@ ipauuid_parse_config_entry(Slapi_Entry * e, bool apply)
         goto bail;
     }
     LOG_CONFIG("----------> %s [%s]\n", IPAUUID_SCOPE, entry->scope);
+    
+    value = slapi_entry_attr_get_charptr(e, IPAUUID_EXCLUDE_SUBTREE);
+    entry->exclude_subtree = value;
+    LOG_CONFIG("----------> %s [%s]\n", IPAUUID_EXCLUDE_SUBTREE, entry->exclude_subtree);
 
     entry->enforce = slapi_entry_attr_get_bool(e, IPAUUID_ENFORCE);
     LOG_CONFIG("----------> %s [%s]\n",
@@ -639,6 +645,10 @@ ipauuid_free_config_entry(struct configEntry **entry)
     if (e->scope) {
         slapi_ch_free_string(&e->scope);
     }
+    
+    if (e->exclude_subtree) {
+        slapi_ch_free_string(&e->exclude_subtree);
+    }
 
     slapi_ch_free((void **)entry);
 }
@@ -917,6 +927,12 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                 continue;
             }
         }
+        
+        if (cfgentry->exclude_subtree) {
+                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                        continue;
+                }
+        }
 
         /* does the entry match the filter? */
         if (cfgentry->slapi_filter) {
-- 
1.7.11.7


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel













    











					Reply via email to