On 10/22/2014 07:39 PM, Tomas Babej wrote: > Hi, > > thank you for the patches, comments inline. > > > On 10/15/2014 02:20 PM, Petr Vobornik wrote: >> ticket: https://fedorahosted.org/freeipa/ticket/4221 >> >> == [PATCH] 773 ranges: prohibit setting --rid-base with >> ipa-trust-ad-posix type == >> >> We should not allow setting --rid-base for ranges of >> ipa-trust-ad-posix since we do not perform any RID -> UID/GID mappings >> for these ranges (objects have UID/GID set in AD). Thus, setting RID >> base makes no sense. >> >> Since ipaBaseRID is a MUST in ipaTrustedADDomainRange object class, >> value '0' is allowed and used internally for 'ipa-trust-ad-posix' >> range type. > > We probably don't want to display the first RID if it is 0 and the type > is ad-posix. This occurs in idrange-find: > > [tbabej@vm-043 labtool]$ ipa idrange-find > > ---------------- > 2 ranges matched > ---------------- > Range name: DOM043.TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range > First Posix ID of the range: 514800000 > Number of IDs in the range: 200000 > First RID of the corresponding RID range: 1000 > First RID of the secondary RID range: 100000000 > Range type: local domain range > > Range name: TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range > First Posix ID of the range: 10000 > Number of IDs in the range: 200000 > First RID of the corresponding RID range: 0 > Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726 > Range type: Active Directory trust range with POSIX attributes > > ---------------------------- > Number of entries returned 2 > ---------------------------- > > And also idrange-show: > > [tbabej@vm-043 labtool]$ ipa idrange-show > TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range > Range name: TBAD.IDM.LAB.ENG.BRQ.REDHAT.COM_id_range > First Posix ID of the range: 10000 > Number of IDs in the range: 200000 > First RID of the corresponding RID range: 0 > Domain SID of the trusted domain: S-1-5-21-2997650941-1802118864-3094776726 > Range type: Active Directory trust range with POSIX attributes > > >> >> No schema change is done. >> >> == [PATCH] 774 unittests: baserid for ipa-ad-trust-posix idranges == > > Looks good. > >> >> == [PATCH] 775 ldapupdater: set baserid to 0 for ipa-ad-trust-posix >> ranges == > > Can you use the paged_search=True in find_entries instead of having a > infinite loop? It would make this code quite cleaner.
I also saw you did not update Makefile.am. > > >> >> New updater plugin which sets baserid to 0 for ranges with type >> ipa-ad-trust-posix >> >> https://fedorahosted.org/freeipa/ticket/4221 >> >> == [PATCH] 776 idrange: include raw range type in output == >> >> iparangetype output is a localized human-readable value which is not >> suitable for machine-based API consumers >> >> Solved by new iparangetyperaw output attribute which contains >> iparangetype's raw value >> >> Note: I don't like this approach. It would be better to return just >> the raw value a do the transformation in clients. But we do have a >> precedent: >> http://www.redhat.com/archives/freeipa-devel/2012-January/msg00190.html > > I am not happy about it either.. I guess we could create a capability > for this, but it would probably be a overkill. > > > >> >> == [PATCH] 777 webui: prohibit setting rid base with >> ipa-trust-ad-posix type == >> >> Base RID is no longer editable for ipa-trust-ad-posix range type >> >> Adder dialog: >> - Range type selector was moved up because it affects a field above it >> >> Details page: >> - Only fields relevant to range's type are visible >> >> > Looks fine. > > On a related note, I added a new ticket > https://fedorahosted.org/freeipa/ticket/4661 > > > > > _______________________________________________ > Freeipa-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-devel > _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
