[Freeipa-devel] [PATCH] 0003 - User Life Cycle (prevent ipaUniqueID generation in provisioning)

Mon, 30 Jun 2014 00:21:07 -0700

This fix is to prevent IPA UUID DS plugin to generate a ipaUniqueID for users in provisioning container (Stage/Delete). 

thanks
thierry

>From c06af590b11a3692dcd1afc4a52e724aab59173d Mon Sep 17 00:00:00 2001
From: "Thierry bordaz (tbordaz)" <tbor...@redhat.com>
Date: Wed, 25 Jun 2014 12:49:45 +0200
Subject: [PATCH 2/2] Ticket 3813 - User Life Cycle: Exclude subtree for
 ipaUniqueID generation

Bug Description:
	IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'

Fix Description:
	Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'

Reviewed by: ?

Platforms tested: F20

Flag Day: no

Doc impact: no

https://fedorahosted.org/freeipa/ticket/3813
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index 2b07de4..9a1eaed 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -64,6 +64,7 @@
 #define IPAUUID_GENERATE         "ipaUuidMagicRegen"
 #define IPAUUID_FILTER           "ipaUuidFilter"
 #define IPAUUID_SCOPE            "ipaUuidScope"
+#define IPAUUID_EXCLUDE_SUBTREE  "ipaUuidExcludeSubtree"
 #define IPAUUID_ENFORCE          "ipaUuidEnforce"
 
 #define IPAUUID_FEATURE_DESC      "IPA UUID"
@@ -91,6 +92,7 @@ struct configEntry {
     Slapi_Filter *slapi_filter;
     char *generate;
     char *scope;
+    char *exclude_subtree;
     bool enforce;
 };
 
@@ -536,6 +538,10 @@ ipauuid_parse_config_entry(Slapi_Entry * e, bool apply)
         goto bail;
     }
     LOG_CONFIG("----------> %s [%s]\n", IPAUUID_SCOPE, entry->scope);
+    
+    value = slapi_entry_attr_get_charptr(e, IPAUUID_EXCLUDE_SUBTREE);
+    entry->exclude_subtree = value;
+    LOG_CONFIG("----------> %s [%s]\n", IPAUUID_EXCLUDE_SUBTREE, entry->exclude_subtree);
 
     entry->enforce = slapi_entry_attr_get_bool(e, IPAUUID_ENFORCE);
     LOG_CONFIG("----------> %s [%s]\n",
@@ -639,6 +645,10 @@ ipauuid_free_config_entry(struct configEntry **entry)
     if (e->scope) {
         slapi_ch_free_string(&e->scope);
     }
+    
+    if (e->exclude_subtree) {
+        slapi_ch_free_string(&e->exclude_subtree);
+    }
 
     slapi_ch_free((void **)entry);
 }
@@ -917,6 +927,12 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                 continue;
             }
         }
+        
+        if (cfgentry->exclude_subtree) {
+                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                        continue;
+                }
+        }
 
         /* does the entry match the filter? */
         if (cfgentry->slapi_filter) {
-- 
1.7.11.7


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to