On Tue, 2014-09-02 at 13:49 +0200, Petr Vobornik wrote:
> On 28.8.2014 20:14, Nathaniel McCallum wrote:
> > On Tue, 2014-08-19 at 16:46 -0400, Nathaniel McCallum wrote:
> >> Also, remove the attempt to load the objectClasses when absent. This
> >> never makes sense during an add operation.
> >>
> >> https://fedorahosted.org/freeipa/ticket/4455
> >
> > I still need a review for this. We are trying to get this in 4.0.2.
> >
> > Nathaniel
> >
> 
> ACK if comment below doesn't need any change:
> 
> Maybe I'm missing something, but why do we do the following check:
> `if 'objectclass' in entry_attrs:`? Shouldn't it be always True? Since
> the objectclass is set in LDAPCreate.execute. A pre-callback in a
> third-party plugin can remove it, but I don't think we should care.

I also thought that was odd, but I cargo-culted it to retain backwards
compatibility. Attached is a version of the patch which doesn't retain
this. I don't care which gets merged.

Nathaniel

From 258be9ea67b6e06b8dcf775e53eabfe081a91594 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Tue, 19 Aug 2014 16:32:33 -0400
Subject: [PATCH] Ensure ipaUserAuthTypeClass when needed on user creation

Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.

https://fedorahosted.org/freeipa/ticket/4455
---
 ipalib/plugins/user.py | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index f646e85827bba4544f962c36f5f15c2a89cb2d75..454d219725cbb2803ea4f5ead3ba76672f3fd02f 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -780,23 +780,21 @@ class user_add(LDAPCreate):
         if 'manager' in entry_attrs:
             entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager'])
 
-        if ('objectclass' in entry_attrs
-            and 'userclass' in entry_attrs
-            and 'ipauser' not in entry_attrs['objectclass']):
+        if 'userclass' in entry_attrs and \
+           'ipauser' not in entry_attrs['objectclass']:
             entry_attrs['objectclass'].append('ipauser')
 
-        if 'ipatokenradiusconfiglink' in entry_attrs:
-            cl = entry_attrs['ipatokenradiusconfiglink']
-            if cl:
-                if 'objectclass' not in entry_attrs:
-                    _entry = ldap.get_entry(dn, ['objectclass'])
-                    entry_attrs['objectclass'] = _entry['objectclass']
+        if 'ipauserauthtype' in entry_attrs and \
+           'ipauserauthtypeclass' not in entry_attrs['objectclass']:
+            entry_attrs['objectclass'].append('ipauserauthtypeclass')
 
-                if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']:
-                    entry_attrs['objectclass'].append('ipatokenradiusproxyuser')
+        rcl = entry_attrs.get('ipatokenradiusconfiglink', None)
+        if rcl:
+            if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']:
+                entry_attrs['objectclass'].append('ipatokenradiusproxyuser')
 
-                answer = self.api.Object['radiusproxy'].get_dn_if_exists(cl)
-                entry_attrs['ipatokenradiusconfiglink'] = answer
+            answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl)
+            entry_attrs['ipatokenradiusconfiglink'] = answer
 
         return dn
 
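Review bot: all three conditions in this hunk now index entry_attrs['objectclass'] directly, so with the old `'objectclass' in entry_attrs` guard and the ldap.get_entry fallback both removed, an entry that reaches this point without the key raises KeyError instead of being skipped. If the callback relies on LDAPCreate.execute having set objectclass, as the thread says, a one-line comment stating that invariant above the first check would make the assumption visible to plugin authors. Separately, the new 'ipauserauthtype' check tests only for presence of the key, while the radius branch tests truthiness with `if rcl:`; an empty ipauserauthtype value would still append 'ipauserauthtypeclass', so consider using the same `.get()` and truthiness pattern for both. Minor style points: the `None` default in `entry_attrs.get('ipatokenradiusconfiglink', None)` is redundant, and the backslash continuations could be wrapped in parentheses as the removed code did.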
-- 
2.1.0
