On 03/01/2013 10:30 PM, John Dennis wrote:
On 03/01/2013 04:01 PM, John Dennis wrote:
On 03/01/2013 03:17 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 5:01 PM, John Dennis <jden...@redhat.com> wrote:
On 02/28/2013 05:34 PM, KodaK wrote:

BTW, why are you parsing diagnostic output?

I haven't actually started yet, I was just getting my bearings.

I was going to wrap the commands in some scripts so I can do things
like allow an auditor to view the results of an HBAC test without
being able to modify them.  Among other things.  Is there a way to
turn off the diagnostic messages?  They appear to be on by default.

INFO messages are output when the verbose flag is enabled
DEBUG messages are output when the debug flag is enabled

Those flags can either be set in a config file (/etc/ipa/default.conf or
~/.ipa/default.con) or via a command line argument.

If you haven't passed the verbose flag to the command then it must be
set in one of the config files.

Petr Viktorin <pvikt...@redhat.com> recently cleaned up how messages are
managed in the command line tools (I don't think this has made it out
into a public release yet). So there may be changes coming you'll want
to be aware of, perhaps Petr might fill us in on what's different.

I think we had some client tools that forced verbose to be enabled when
it should have respected a command line option and/or config option. I
think that's some of what Petr fixed.

Here is the design document for the work Petr did, HTH


I don't think it's too relevant here. Those changes are mainly for install/management tools, and they're only in ipa-ldap-updater and ipa-replica-prepare commands so far.

As for future changes: no, we don't have any guarantees on diagnostic messages, and I don't think catering to parsers should prevent us from improving them.

Anyway, do you really need to parse debug messages to get HBAC test results? I think I don't understand your use case enough to suggest something better.


Freeipa-users mailing list

Reply via email to