On 11/29/2011 08:43 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
On 11/29/2011 03:46 PM, Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2045
'ipa pwpolicy-find' output is now sorted by priority of the policies.
Lower position means lower priority. Global policy is then at the
bottom.
The changes has also affected LDAPSearch class in baseldap.py:
LDAPSearch class sorts the search results by primary key be default
(which is usually 'cn'). Therefor a function pointer entries_sortfn
was added. If no sorting function exists, default sorting by primary
key
is used.
Sorting function had to be introduced due to the fact that pwpolicy's
primary
key is also it's 'cn' and global policy is not allowed to have any
priority.
forget to attach the patch, sorry :-[
Doesn't work with the lite-server due to changing a ReadOnly value. I
think you have the right idea you just need to assign the sorting
statically instead of dynamically (it won't change after finalization).
$ ./ipa pwpolicy-add editors --minlife=2 --priority=9
ipa: DEBUG: Created connection context.ldap2
ipa: DEBUG: raw: pwpolicy_add(u'editors', krbminpwdlife=2,
cospriority=9, all=False, raw=False, version=u'2.15')
ipa: DEBUG: pwpolicy_add(u'editors', krbminpwdlife=2, cospriority=9,
all=False, raw=False, version=u'2.15')
ipa: DEBUG: raw: cosentry_add(u'editors',
krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com',
cospriority=9)
ipa: DEBUG: cosentry_add(u'editors',
krbpwdpolicyreference=u'cn=editors,cn=GREYOAK.COM,cn=kerberos,dc=greyoak,dc=com',
cospriority=9, all=False, raw=False)
ipa: DEBUG: raw: group_show(u'editors', all=True)
ipa: DEBUG: group_show(u'editors', rights=False, all=True, raw=False)
ipa: DEBUG: raw: cosentry_find(None, cospriority=9)
ipa: DEBUG: cosentry_find(None, cospriority=9, all=False, raw=False,
pkey_only=False)
ipa: ERROR: non-public: AttributeError: locked: cannot set
cosentry_find.entries_sortfn to <function <lambda> at 0x7f7abc33ec80>
Traceback (most recent call last):
File "/home/rcrit/redhat/freeipa-review/ipaserver/rpcserver.py",
line 223, in wsgi_execute
result = self.Command[name](*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
438, in __call__
ret = self.run(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
756, in run
return self.execute(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
line 700, in execute
ldap, dn, entry_attrs, attrs_list, *keys, **options
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
line 346, in pre_callback
cospriority=options.get('cospriority')
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
438, in __call__
ret = self.run(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
756, in run
return self.execute(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
line 700, in execute
ldap, dn, entry_attrs, attrs_list, *keys, **options
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
line 127, in pre_callback
self.obj.check_priority_uniqueness(*keys, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/pwpolicy.py",
line 101, in check_priority_uniqueness
cospriority=options['cospriority']
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
438, in __call__
ret = self.run(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/frontend.py", line
756, in run
return self.execute(*args, **options)
File "/home/rcrit/redhat/freeipa-review/ipalib/plugins/baseldap.py",
line 1620, in execute
self.entries_sortfn=lambda x,y:
cmp(x[1][self.obj.primary_key.name][0].lower(),
y[1][self.obj.primary_key.name][0].lower())
File "/home/rcrit/redhat/freeipa-review/ipalib/base.py", line 131,
in __setattr__
SET_ERROR % (self.__class__.__name__, name, value)
AttributeError: locked: cannot set cosentry_find.entries_sortfn to
<function <lambda> at 0x7f7abc33ec80>
ipa: INFO: ad...@greyoak.com: pwpolicy_add(u'editors',
krbminpwdlife=2, cospriority=9, all=False, raw=False,
version=u'2.15'): AttributeError
ipa: DEBUG: response: InternalError: an internal error has occurred
ipa: DEBUG: Destroyed connection context.ldap2
corrected, patch attached
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
From 826826626e2c816dda8fa9039157e895e7bc740c Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Fri, 2 Dec 2011 13:51:35 +0100
Subject: [PATCH] Sort password policy by priority
'ipa pwpolicy-find' output is now sorted by priority of the policies.
Lower position means lower priority. Global policy is then at the bottom.
The changes has also affected LDAPSearch class in baseldap.py:
LDAPSearch class sorts the search results by primary key be default
(which is usually 'cn'). Therefor a function pointer entries_sortfn
was added. If no sorting function exists, default sorting by primary key
is used.
Sorting function had to be introduced due to the fact that pwpolicy's primary
key is also it's 'cn' and global policy is not allowed to have any priority.
https://fedorahosted.org/freeipa/ticket/2045
---
ipalib/plugins/baseldap.py | 13 ++++++++++---
ipalib/plugins/pwpolicy.py | 12 ++++++++++++
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index cda0c497f28c33eb8dd15b118a28ebc7ed1fd356..391193087ca611cf374bfedfd2a191348c03394a 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1548,6 +1548,10 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
member_param_incl_doc = _('Search for %s with these %s %s.')
member_param_excl_doc = _('Search for %s without these %s %s.')
+ # pointer to function for entries sorting
+ # if none function assigned the entries are sorted by their primary key value
+ entries_sortfn = None
+
takes_options = (
Int('timelimit?',
label=_('Time Limit'),
@@ -1726,9 +1730,12 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
else:
callback(self, ldap, entries, truncated, *args, **options)
- if self.obj.primary_key:
- sortfn=lambda x,y: cmp(x[1][self.obj.primary_key.name][0].lower(), y[1][self.obj.primary_key.name][0].lower())
- entries.sort(sortfn)
+ if not self.entries_sortfn:
+ if self.obj.primary_key:
+ sortfn=lambda x,y: cmp(x[1][self.obj.primary_key.name][0].lower(), y[1][self.obj.primary_key.name][0].lower())
+ entries.sort(sortfn)
+ else:
+ entries.sort(self.entries_sortfn)
if not options.get('raw', False):
for e in entries:
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index db42bca0424da34bc17b7df376d529bd60f55751..2b586ec54e3685d4b1ce74a70a755415cd92a8ee 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -455,6 +455,18 @@ api.register(pwpolicy_show)
class pwpolicy_find(LDAPSearch):
__doc__ = _('Search for group password policies.')
+ def sort_priority(self,x,y):
+ # global policy will be always last in the output
+ if x[1]['cn'][0] == global_policy_name:
+ return 1
+ elif y[1]['cn'][0] == global_policy_name:
+ return -1
+ else:
+ # policies with higher priority will be at the beginning of the list
+ return cmp(int(x[1]['cospriority'][0]), int(y[1]['cospriority'][0]))
+
+ entries_sortfn = sort_priority
+
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return False
--
1.7.6.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
