Re: [Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Rob Crittenden wrote:
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying "--posix" the cli does create the
group.
Then, using ipa group-find, I do not see any way to determine if
that group is a posixgroup or not.
group-find -all used to reveal a PosixGroup field.
How do I determine if a group is a posix group or not?
Michael-
Ok, I suppose I could have looked at this before firing off an
e-mail :-)
I do see the group number when showing a group:
$ ./ipa group-show g9
---
group-show:
---
Group: g9
name: g9
description: test posix group
group id: 1117
But when adding it this doesn't appear. Oddly enough we show the
ipquniqueid when adding a group but not when showing it!
Pavel, do you have time to investigate this inconsistency?
rob
Pavel
I'm not sure how this addresses the issue that when adding a group
different values are returned than when you show one.
When an entry is created, we show the default attributes and all
attributes that were created explicitly. Before this patch, it was
just all attributes, that were created explicitly, so for example gid
didn't show up on groups, because it was created by the DNA plugin.
When showing an entry, we return the default attributes.
Should I change LDAPCreate to only return default attributes?
No. I understand the problem now. I think in earlier versions we were
actually doing a lookup of the entry after creation and returning that.
This would resolve the problem.
We're still doing it the same way. Add, then lookup the entry we just created,
but when we lookup an entry, we have to specify a list of attributes we are
interested in.
Currently:
In *-show, we request LDAPObject.default_attributes.
In *-add, we request LDAPObject.default_attributes + attributes passed to
add_entry.
Or all attributes in both, if --all was present.
This also causes a whole ton of tests to fail. I think in baseldap.oy
instead of:
if options['all']:
You want:
if options.get('all', False):
Some of the tests were failing before this patch. I submitted a fix
for most of them.
if options['all'] is fine, because --all is a Flag parameters and is
required.
The service plugin overrides takes_options() in some cases, hence no
'all. Probably something to fix but we still should handle this case
(all not in options).
Okey, I'll go the fail-safe way and assume 'all' might not be there.
takes_options in the service plugin need fixing.
rob
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Pavel Zuna wrote:
Rob Crittenden wrote:
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying "--posix" the cli does create the
group.
Then, using ipa group-find, I do not see any way to determine if
that group is a posixgroup or not.
group-find -all used to reveal a PosixGroup field.
How do I determine if a group is a posix group or not?
Michael-
Ok, I suppose I could have looked at this before firing off an
e-mail :-)
I do see the group number when showing a group:
$ ./ipa group-show g9
---
group-show:
---
Group: g9
name: g9
description: test posix group
group id: 1117
But when adding it this doesn't appear. Oddly enough we show the
ipquniqueid when adding a group but not when showing it!
Pavel, do you have time to investigate this inconsistency?
rob
Pavel
I'm not sure how this addresses the issue that when adding a group
different values are returned than when you show one.
When an entry is created, we show the default attributes and all
attributes that were created explicitly. Before this patch, it was just
all attributes, that were created explicitly, so for example gid didn't
show up on groups, because it was created by the DNA plugin.
When showing an entry, we return the default attributes.
Should I change LDAPCreate to only return default attributes?
No. I understand the problem now. I think in earlier versions we were
actually doing a lookup of the entry after creation and returning that.
This would resolve the problem.
This also causes a whole ton of tests to fail. I think in baseldap.oy
instead of:
if options['all']:
You want:
if options.get('all', False):
Some of the tests were failing before this patch. I submitted a fix for
most of them.
if options['all'] is fine, because --all is a Flag parameters and is
required.
The service plugin overrides takes_options() in some cases, hence no
'all. Probably something to fix but we still should handle this case
(all not in options).
rob
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Rob Crittenden wrote:
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying "--posix" the cli does create the
group.
Then, using ipa group-find, I do not see any way to determine if
that group is a posixgroup or not.
group-find -all used to reveal a PosixGroup field.
How do I determine if a group is a posix group or not?
Michael-
Ok, I suppose I could have looked at this before firing off an
e-mail :-)
I do see the group number when showing a group:
$ ./ipa group-show g9
---
group-show:
---
Group: g9
name: g9
description: test posix group
group id: 1117
But when adding it this doesn't appear. Oddly enough we show the
ipquniqueid when adding a group but not when showing it!
Pavel, do you have time to investigate this inconsistency?
rob
Pavel
I'm not sure how this addresses the issue that when adding a group
different values are returned than when you show one.
When an entry is created, we show the default attributes and all attributes that
were created explicitly. Before this patch, it was just all attributes, that
were created explicitly, so for example gid didn't show up on groups, because it
was created by the DNA plugin.
When showing an entry, we return the default attributes.
Should I change LDAPCreate to only return default attributes?
This also causes a whole ton of tests to fail. I think in baseldap.oy
instead of:
if options['all']:
You want:
if options.get('all', False):
Some of the tests were failing before this patch. I submitted a fix for most of
them.
if options['all'] is fine, because --all is a Flag parameters and is required.
rob
Pavel
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Re: [PATCH] Add --all to LDAPCreate and make LDAP commands always display default attributes.
Pavel Zuna wrote:
And here's the actual patch. :)
Pavel Zuna wrote:
This should fix the issue:
Rob Crittenden wrote:
Michael Gregg wrote:
Rob, did the support for posix groups change?
If I create a group specifying "--posix" the cli does create the group.
Then, using ipa group-find, I do not see any way to determine if
that group is a posixgroup or not.
group-find -all used to reveal a PosixGroup field.
How do I determine if a group is a posix group or not?
Michael-
Ok, I suppose I could have looked at this before firing off an e-mail
:-)
I do see the group number when showing a group:
$ ./ipa group-show g9
---
group-show:
---
Group: g9
name: g9
description: test posix group
group id: 1117
But when adding it this doesn't appear. Oddly enough we show the
ipquniqueid when adding a group but not when showing it!
Pavel, do you have time to investigate this inconsistency?
rob
Pavel
I'm not sure how this addresses the issue that when adding a group
different values are returned than when you show one.
This also causes a whole ton of tests to fail. I think in baseldap.oy
instead of:
if options['all']:
You want:
if options.get('all', False):
rob
smime.p7s
Description: S/MIME Cryptographic Signature
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
