Hi, thank you for the patches, comments inline.
On 10/15/2014 02:20 PM, Petr Vobornik wrote: > ticket: https://fedorahosted.org/freeipa/ticket/4221 > > == [PATCH] 773 ranges: prohibit setting --rid-base with > ipa-trust-ad-posix type == > > We should not allow setting --rid-base for ranges of > ipa-trust-ad-posix since we do not perform any RID -> UID/GID mappings > for these ranges (objects have UID/GID set in AD). Thus, setting RID > base makes no sense. > > Since ipaBaseRID is a MUST in ipaTrustedADDomainRange object class, > value '0' is allowed and used internally for 'ipa-trust-ad-posix' > range type. We probably don't want to display the first RID if it is 0 and the type is ad-posix. This occurs in idrange-find: [tbabej@vm-043 labtool]$ ipa idrange-find ---------------- 2 ranges matched ---------------- Range name: DOM043.TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range First Posix ID of the range: 514800000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 1000 First RID of the secondary RID range: 100000000 Range type: local domain range Range name: TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range First Posix ID of the range: 10000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726 Range type: Active Directory trust range with POSIX attributes ---------------------------- Number of entries returned 2 ---------------------------- And also idrange-show: [tbabej@vm-043 labtool]$ ipa idrange-show TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range Range name: TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range First Posix ID of the range: 10000 Number of IDs in the range: 200000 First RID of the corresponding RID range: 0 Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726 Range type: Active Directory trust range with POSIX attributes > > No schema change is done. > > == [PATCH] 774 unittests: baserid for ipa-ad-trust-posix idranges == Looks good. > > == [PATCH] 775 ldapupdater: set baserid to 0 for ipa-ad-trust-posix > ranges == Can you use the paged_search=True in find_entries instead of having a infinite loop? It would make this code quite cleaner. > > New updater plugin which sets baserid to 0 for ranges with type > ipa-ad-trust-posix > > https://fedorahosted.org/freeipa/ticket/4221 > > == [PATCH] 776 idrange: include raw range type in output == > > iparangetype output is a localized human-readable value which is not > suitable for machine-based API consumers > > Solved by new iparangetyperaw output attribute which contains > iparangetype's raw value > > Note: I don't like this approach. It would be better to return just > the raw value a do the transformation in clients. But we do have a > precedent: > http://www.redhat.com/archives/freeipa-devel/2012-January/msg00190.html I am not happy about it either.. I guess we could create a capability for this, but it would probably be a overkill. > > == [PATCH] 777 webui: prohibit setting rid base with > ipa-trust-ad-posix type == > > Base RID is no longer editable for ipa-trust-ad-posix range type > > Adder dialog: > - Range type selector was moved up because it affects a field above it > > Details page: > - Only fields relevant to range's type are visible > > Looks fine. On a related note, I added a new ticket https://fedorahosted.org/freeipa/ticket/4661 -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel