[Freeipa-devel] [PATCH] 329 Use common encoding in modlist generation

[Martin Kosek]

ldap2 server plugin generates a modlist for every IPA command entry
modification. However, encoding of attributes entry_attrs generated
by our framework still does not  match entry read from LDAP (until
ticket #2265 is addressed), convert compared values to common ground
so that the comparison does not report false positives when encoding
do not match (e.g. 'int' and 'unicode').

https://fedorahosted.org/freeipa/ticket/3220

From 58660bd000e55d113772ebe6b7552518e5cabc25 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 29 Oct 2012 10:32:39 +0100
Subject: [PATCH] Use common encoding in modlist generation

ldap2 server plugin generates a modlist for every IPA command entry
modification. However, encoding of attributes entry_attrs generated
by our framework still does not  match entry read from LDAP (until
ticket #2265 is addressed), convert compared values to common ground
so that the comparison does not report false positives when encoding
do not match (e.g. 'int' and 'unicode').

https://fedorahosted.org/freeipa/ticket/3220
---
 ipaserver/plugins/ldap2.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index caf35096c981363927f8471e2567476954f664e5..c0107c1c62de0c26c78c5cc9164b15690de568f5 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -1341,6 +1341,22 @@ class ldap2(CrudBackend):
                 v = set(filter(lambda value: value is not None, v))
                 old_v = set(entry_attrs_old.get(k.lower(), []))
 
+                # FIXME: Convert all values to either unicode, DN or str
+                # before detecting value changes (see IPASimpleLDAPObject for
+                # supported types).
+                # This conversion will set a common ground for the comparison.
+                #
+                # This fix can be removed when ticket 2265 is fixed and our
+                # encoded entry_attrs' types will match get_entry result
+                try:
+                    v = set(unicode(value)
+                        if not isinstance(value, (DN, str, unicode))
+                        else value for value in v)
+                except Exception, e:
+                    # Rather let the value slip in modlist than let ldap2 crash
+                    self.error("Cannot convert attribute '%s' for modlist "
+                               "for modlist comparison: %s", k, e)
+
                 adds = list(v.difference(old_v))
                 rems = list(old_v.difference(v))
 
-- 
1.7.11.7


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel