JR Aquino <jr.aqu...@citrix.com> wrote: > This patch fixes the netgroup plugin's behavior of adding duplicate entries > when the managed entry plugin creates a netgroup with a mepManagedEntry > This problem is documented in ticket: > https://fedorahosted.org/freeipa/ticket/963 > > As noted by Endi for issue #3 in the History: > "3. Just out of curiosity, I tried adding a netgroup with the same name as > the hostgroup. I expected it to conflict with the managed netgroup, but it > actually worked. Searching the directory will return 2 netgroups with the > same name:" > > Historically the netgroup plugin had inappropriately defined: rdn_attribute > = 'ipauniqueid' This caused the ability of duplication with the creation > of native netgroups using the ipaUniqueId as the DN and as the Managed > Entry netgroups utilizing the cn as the DN. > > Patch includes adjustments for the netgroup plugin and corresponding > test_netgroup_plugin > > Please verify that the items requested in #963 are now complete and please > confirm that the corresponding tests all pass.
One test fails: FAIL: test_netgroup[30]: netgroup_remove_member: Remove netgroup u'netgroup2' from netgroup u'netgroup1' Command ipa host-show still shows: Member of netgroups: testhostgroup Also a little bit of nitpicking, I think the changed code in chunk 2 would better look something like this: search_kw = {} search_kw['objectclass'] = ['mepManagedEntry'] if not options['private']: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE) else: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL) filter = ldap.combine_filters((local_filter, filter), rules=ldap.MATCH_ALL) -- Jan _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel