Re: [Freeipa-devel] [PATCH] 20 Fix empty external member processing
On Tue, 2012-04-03 at 15:22 +0200, Ondrej Hamada wrote: > On 04/03/2012 12:22 PM, Ondrej Hamada wrote: > > https://fedorahosted.org/freeipa/ticket/2447 > > > > Validation of external member was failing for empty strings because > > of > > wrong condition. > > > > > > > > ___ > > Freeipa-devel mailing list > > Freeipa-devel@redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > Used clearer solution. Thanks to Rob for advice. ACK. Pushed to master, ipa-2-2. I just replaced: +if options.get(membertype,False): with +if options.get(membertype): as it was redundant. Validation of externalHost attribute passed via --setattr or --addattr shall be solved in ticket #2649. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 20 Fix empty external member processing
On Tue, 2012-04-03 at 15:22 +0200, Ondrej Hamada wrote: > On 04/03/2012 12:22 PM, Ondrej Hamada wrote: > > https://fedorahosted.org/freeipa/ticket/2447 > > > > Validation of external member was failing for empty strings because > > of > > wrong condition. > > > > > > > > ___ > > Freeipa-devel mailing list > > Freeipa-devel@redhat.com > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > Used clearer solution. Thanks to Rob for advice. ACK for this patch fixing empty --hosts, --users, etc. options. We just need to triage the second issue found during testing - an ability to set invalid external* attribute value with --setattr or --addattr options. I see 2 ways to fix that: 1) Ugly fix: Call a similar precallback in all affected *-mod commands where --addattr or --setattr could be used (netgroup-mod, sudorule-mod, etc.) which would specifically validate external* attribute values. 2) Nice fix: - create a param for external hosts, users to the respective LDAPOobjects - netgroup, sudorule, etc. and implement proper validators for them. These params would not be visible for users or cloned for Commands. Most code from Ondra's original patch 16 could be re-used - update Ondra's precallback to use these params for validation - update --setattr and --addattr param processing to consider also these params that exist only in LDAPObject and not in Command I think it would be OK to just create a ticket for the second issue and close ticket #2447 with Ondra's patch 20-2 as is. The new ticket could be targeted for next release as there are more changes needed, including fixes in --setattr and --addattr processing. I don't think this issue has a high impact, setting external* attribute values via --setattr is not really a standard procedure. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 20 Fix empty external member processing
On 04/03/2012 12:22 PM, Ondrej Hamada wrote: https://fedorahosted.org/freeipa/ticket/2447 Validation of external member was failing for empty strings because of wrong condition. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Used clearer solution. Thanks to Rob for advice. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 837734d515b72fd10b5284b13acfdcba94deeec1 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Tue, 3 Apr 2012 15:16:58 +0200 Subject: [PATCH] Fix empty external member processing Validation of external member was failing for empty strings because of wrong condition. https://fedorahosted.org/freeipa/ticket/2447 --- ipalib/plugins/baseldap.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 38f369a779adc53454837994bd2bec5b74d3bbd4..11ec16fe10a7ebaf1cd00214f8c6c264952d81d4 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -326,7 +326,7 @@ def add_external_pre_callback(membertype, ldap, dn, keys, options): def validate_host(hostname): validate_hostname(hostname, check_fqdn=False, allow_underscore=True) -if membertype in options: +if options.get(membertype,False): if membertype == 'host': validator = validate_host else: -- 1.7.6.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 20 Fix empty external member processing
https://fedorahosted.org/freeipa/ticket/2447 Validation of external member was failing for empty strings because of wrong condition. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada From 137c676c6c182f839cbcd9332f9d0f6d8d18b3f0 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Tue, 3 Apr 2012 12:07:04 +0200 Subject: [PATCH] Fix empty external member processing Validation of external member was failing for empty strings because of wrong condition. https://fedorahosted.org/freeipa/ticket/2447 --- ipalib/plugins/baseldap.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 38f369a779adc53454837994bd2bec5b74d3bbd4..1c893018c6452b5979c2c721e325005cb0d676a9 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -326,7 +326,7 @@ def add_external_pre_callback(membertype, ldap, dn, keys, options): def validate_host(hostname): validate_hostname(hostname, check_fqdn=False, allow_underscore=True) -if membertype in options: +if membertype in options and options[membertype]: if membertype == 'host': validator = validate_host else: -- 1.7.6.5 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel