On 10/10/2014 03:12 PM, Petr Vobornik wrote:
On 10.10.2014 10:39, Alexander Bokovoy wrote:

I'm resending patches 0159 and 0160, and adding two more:

0161 -- support user SSH public keys in ID view user overrides
0162 -- support gidNumber in ID view user override

SSH public keys to work require support from SSSD and that one is
currently missing. At least, one add/remove the keys to/from the
override objects.

Compat tree does not support exporting SSH keys. When accessing the tree
anonymously, the entry will be filtered out by ACIs but for
authenticated users we need to explicitly ignore ipaSshPubKey attribute
in the override, so I'm resending updated slapi-nis patch that only
adds one more attribute to filter out.

I'm going to prepare Web UI for, 160, 161, 162.

Q: ipaUserOverride object class contains also 'gecos' attribute. Will it be
handled be CLI and Web UI as well?

Comments for these 3 patches:

1. VERSION was not bumped

Patch 160:
Apart form #1, is OK (not sure if #1 is needed for ACK)

Patch 161:

2. idoverrideuser_show and _find should have post_callback with
convert_sshpubkey_post as well - to be consistent.

3. Add blank line before new methods - both post_callbacks

4. I have created a helper method for adding object classes in patch 761
(currently on review) - add_missing_object_class. Would be nice fit, but also I
don't want to block this patch with mine.

Patch 162:

Is it good to have different CLI option name in this and user plugin for the
same attribute: --gid vs --gidnumber ? That said, it's sad that --gid was not
used in user plugin since the beginning.

Also, we will need to have slapi-nis version in the spec file bumped. I already fired a build of slapi-nis to FreeIPA Copr.


Freeipa-devel mailing list

Reply via email to