On 05/27/2015 08:41 PM, Drew Erny wrote: > Hey, Freeipa-devel, > > I'm working on ticket #3226 (https://fedorahosted.org/freeipa/ticket/3226) > > I've identified the problem. The sudorules add user command adds the user > validations at the end of it's pre-callback using add_external_pre_callback. > However, the "user" plugin pattern-matches a string for the "uid" param, > because it only allows certain characters. > > I've been picking through the codebase and I think I have enough understanding > to ask this: What if we changed the user "uid" validation to a standalone > "rule" function (you can do that, right? pass in a function as a validation > rule?) that would normally just assert that the pattern matches, but could > have > that pattern matching validation overridden in some cases. I think that's the > easiest, cleanest way to change user so that sudorules and other plugins can > ignore this validation if necessary (I'm trying to figure out exactly how to > implement this without changing any APIs). > > Am I understanding the plugin params API correctly, and can I do this? Is this > the best way to do this? > > The only other solution I see is to write sudorules-specific code in some > plugin-related (either user.py or baseldap.py module, which would create > unwanted coupling. > > Most specifically, this would be a change to the object instantiated at > ipalib/plugins/user.py line 467 > > Thoughts and suggestions?
I think it would make sense to follow the example with validate_hostname and prepare a function validate_username(username, upn=False, netbios_name=False) . where upn would allow using "@." on top of current validator (i.e. u...@domain.test) and netbios_name would allow the "DOMAIN\user" style. I would just suggest making sure the standard user validation error message is still the same to avoid unnecessary QE fail positives. In add_external_pre_callback you could then just simply call validate_username(user, True, True) just like it is already done with hostname. My 2 cents. Martin  https://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code