On Tue, 2014-09-02 at 13:49 +0200, Petr Vobornik wrote: > On 28.8.2014 20:14, Nathaniel McCallum wrote: > > On Tue, 2014-08-19 at 16:46 -0400, Nathaniel McCallum wrote: > >> Also, remove the attempt to load the objectClasses when absent. This > >> never makes sense during an add operation. > >> > >> https://fedorahosted.org/freeipa/ticket/4455 > > > > I still need a review for this. We are trying to get this in 4.0.2. > > > > Nathaniel > > > > ACK if comment below doesn't need any change: > > Maybe I'm missing something, but why do we do following check: `if > 'objectclass' in entry_attrs:`? Shouldn't it be always True? Since > the objectclass is set in LDAPCreate.execute. A pre-callback in an third > party plugin can remove it, but I don't think we should care.
I also thought that was odd, but I cargo-culted it to retain backwards compatibility. Attached is a version of the patch which doesn't retain this. I don't care which gets merged. Nathaniel
From 258be9ea67b6e06b8dcf775e53eabfe081a91594 Mon Sep 17 00:00:00 2001 From: Nathaniel McCallum <[email protected]> Date: Tue, 19 Aug 2014 16:32:33 -0400 Subject: [PATCH] Ensure ipaUserAuthTypeClass when needed on user creation Also, remove the attempt to load the objectClasses when absent. This never makes sense during an add operation. https://fedorahosted.org/freeipa/ticket/4455 --- ipalib/plugins/user.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index f646e85827bba4544f962c36f5f15c2a89cb2d75..454d219725cbb2803ea4f5ead3ba76672f3fd02f 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -780,23 +780,21 @@ class user_add(LDAPCreate): if 'manager' in entry_attrs: entry_attrs['manager'] = self.obj._normalize_manager(entry_attrs['manager']) - if ('objectclass' in entry_attrs - and 'userclass' in entry_attrs - and 'ipauser' not in entry_attrs['objectclass']): + if 'userclass' in entry_attrs and \ + 'ipauser' not in entry_attrs['objectclass']: entry_attrs['objectclass'].append('ipauser') - if 'ipatokenradiusconfiglink' in entry_attrs: - cl = entry_attrs['ipatokenradiusconfiglink'] - if cl: - if 'objectclass' not in entry_attrs: - _entry = ldap.get_entry(dn, ['objectclass']) - entry_attrs['objectclass'] = _entry['objectclass'] + if 'ipauserauthtype' in entry_attrs and \ + 'ipauserauthtypeclass' not in entry_attrs['objectclass']: + entry_attrs['objectclass'].append('ipauserauthtypeclass') - if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']: - entry_attrs['objectclass'].append('ipatokenradiusproxyuser') + rcl = entry_attrs.get('ipatokenradiusconfiglink', None) + if rcl: + if 'ipatokenradiusproxyuser' not in entry_attrs['objectclass']: + entry_attrs['objectclass'].append('ipatokenradiusproxyuser') - answer = self.api.Object['radiusproxy'].get_dn_if_exists(cl) - entry_attrs['ipatokenradiusconfiglink'] = answer + answer = self.api.Object['radiusproxy'].get_dn_if_exists(rcl) + entry_attrs['ipatokenradiusconfiglink'] = answer return dn -- 2.1.0
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
