Re: [Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
On 05/21/2015 11:07 AM, thierry bordaz wrote: Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. snip So is this patch ACKed? Sorry, yes the fix is good. ACK master: * 98e4c6d6de130a0e94cd1705acc5418bdbda1eb1 Uid uniqueness: fix: exclude compat tree from uniqueness -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
On 05/20/2015 03:03 PM, Martin Basti wrote: Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. Patch attached. Hello Martin, The fix looks good. Don't we need to do the same in install/share/unique-attributes.ldif for fresh install ? thanks thierry -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
On 05/21/2015 11:06 AM, Martin Basti wrote: On 21/05/15 10:59, thierry bordaz wrote: On 05/21/2015 10:53 AM, Martin Basti wrote: On 21/05/15 10:14, thierry bordaz wrote: On 05/20/2015 03:03 PM, Martin Basti wrote: Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. Patch attached. Hello Martin, The fix looks good. Don't we need to do the same in install/share/unique-attributes.ldif for fresh install ? thanks thierry Thanks for review. I don think so. In 10-uniqueness.update files, there are specified default values, which will be used for new installations. I would like to keep configuration of plugin just at one place. Yes that is a good idea. Does that mean that eventually files like unique-attributes.ldif will disappear ? Maybe in future. So is this patch ACKed? Sorry, yes the fix is good. ACK thanks thierry Martin^2 -- Martin Basti -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
On 21/05/15 10:59, thierry bordaz wrote: On 05/21/2015 10:53 AM, Martin Basti wrote: On 21/05/15 10:14, thierry bordaz wrote: On 05/20/2015 03:03 PM, Martin Basti wrote: Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. Patch attached. Hello Martin, The fix looks good. Don't we need to do the same in install/share/unique-attributes.ldif for fresh install ? thanks thierry Thanks for review. I don think so. In 10-uniqueness.update files, there are specified default values, which will be used for new installations. I would like to keep configuration of plugin just at one place. Yes that is a good idea. Does that mean that eventually files like unique-attributes.ldif will disappear ? Maybe in future. So is this patch ACKed? thanks thierry Martin^2 -- Martin Basti -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
On 05/21/2015 10:53 AM, Martin Basti wrote: On 21/05/15 10:14, thierry bordaz wrote: On 05/20/2015 03:03 PM, Martin Basti wrote: Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. Patch attached. Hello Martin, The fix looks good. Don't we need to do the same in install/share/unique-attributes.ldif for fresh install ? thanks thierry Thanks for review. I don think so. In 10-uniqueness.update files, there are specified default values, which will be used for new installations. I would like to keep configuration of plugin just at one place. Yes that is a good idea. Does that mean that eventually files like unique-attributes.ldif will disappear ? thanks thierry Martin^2 -- Martin Basti -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0251] Fix uniqueness: exclude compat tree from uid uniquness plugin
Enforcing uniqueness for uid attribute prevent to move users to delete users subtree. Patch attached. -- Martin Basti From 1445d6adaae9844c6f7f51e46e357dc9bfd8741b Mon Sep 17 00:00:00 2001 From: Martin Basti mba...@redhat.com Date: Wed, 20 May 2015 14:51:09 +0200 Subject: [PATCH] Uid uniqueness: fix: exclude compat tree from uniqueness Without this commit it is not possible to move user to staged area. --- install/updates/10-uniqueness.update | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/updates/10-uniqueness.update b/install/updates/10-uniqueness.update index dd8ec3a752f857cecc4e1b71cc3893a7497c4338..050bfd55ec2e6a09c44700ae40757ee1d72c136f 100644 --- a/install/updates/10-uniqueness.update +++ b/install/updates/10-uniqueness.update @@ -60,6 +60,7 @@ default:nsslapd-pluginType: preoperation default:nsslapd-pluginEnabled: on default:uniqueness-attribute-name: uid default:uniqueness-subtrees: $SUFFIX +default:uniqueness-exclude-subtrees: cn=compat,$SUFFIX default:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX default:uniqueness-across-all-subtrees: on default:uniqueness-subtree-entries-oc: posixAccount @@ -71,6 +72,7 @@ default:nsslapd-pluginDescription: Enforce unique attribute values # uid uniqueness scopes Active/Delete containers dn: cn=uid uniqueness,cn=plugins,cn=config +add:uniqueness-exclude-subtrees: cn=compat,$SUFFIX add:uniqueness-exclude-subtrees: cn=staged users,cn=accounts,cn=provisioning,$SUFFIX remove:uniqueness-across-all-subtrees: off add:uniqueness-across-all-subtrees: on -- 2.1.0 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code