Re: [Freeipa-devel] [PATCH] 19 Cleanup for netgroup search
Jan Zeleny wrote: JR Aquinojr.aqu...@citrix.com wrote: On 2/17/11 3:23 AM, Jan Zelenýjzel...@redhat.com wrote: JR Aquinojr.aqu...@citrix.com wrote: This patch fixes the netgroup plugin's behavior of adding duplicate entries when the managed entry plugin creates a netgroup with a mepManagedEntry This problem is documented in ticket: https://fedorahosted.org/freeipa/ticket/963 As noted by Endi for issue #3 in the History: 3. Just out of curiosity, I tried adding a netgroup with the same name as the hostgroup. I expected it to conflict with the managed netgroup, but it actually worked. Searching the directory will return 2 netgroups with the same name: Historically the netgroup plugin had inappropriately defined: rdn_attribute = 'ipauniqueid' This caused the ability of duplication with the creation of native netgroups using the ipaUniqueId as the DN and as the Managed Entry netgroups utilizing the cn as the DN. Patch includes adjustments for the netgroup plugin and corresponding test_netgroup_plugin Please verify that the items requested in #963 are now complete and please confirm that the corresponding tests all pass. One test fails: FAIL: test_netgroup[30]: netgroup_remove_member: Remove netgroup u'netgroup2' from netgroup u'netgroup1' Command ipa host-show still shows: Member of netgroups: testhostgroup Also a little bit of nitpicking, I think the changed code in chunk 2 would better look something like this: search_kw = {} search_kw['objectclass'] = ['mepManagedEntry'] if not options['private']: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE) else: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL) filter = ldap.combine_filters((local_filter, filter), rules=ldap.MATCH_ALL) -- Jan It was determined that the ipauniqueid is required for the DN on these objects. It's an ipaAssociation which uses it as the rdn, if we change the problems cascade This patch has now changed to reflect the optimization in the netgroup search instead. It provides a cleaner method of performing a netgroup search for native netgroups and allows for the --private search to only display the mepManagedEntry netgroups, rather than ALL netgroups. Previously --private would return ALL netgroups. This means there is no need to modify test_netgroup_plugin. Please verify that the optimization / bugfix passes the standard test_netgroup_plugin. Ack Jan pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 19 Cleanup for netgroup search
On 2/17/11 3:23 AM, Jan Zelený jzel...@redhat.com wrote: JR Aquino jr.aqu...@citrix.com wrote: This patch fixes the netgroup plugin's behavior of adding duplicate entries when the managed entry plugin creates a netgroup with a mepManagedEntry This problem is documented in ticket: https://fedorahosted.org/freeipa/ticket/963 As noted by Endi for issue #3 in the History: 3. Just out of curiosity, I tried adding a netgroup with the same name as the hostgroup. I expected it to conflict with the managed netgroup, but it actually worked. Searching the directory will return 2 netgroups with the same name: Historically the netgroup plugin had inappropriately defined: rdn_attribute = 'ipauniqueid' This caused the ability of duplication with the creation of native netgroups using the ipaUniqueId as the DN and as the Managed Entry netgroups utilizing the cn as the DN. Patch includes adjustments for the netgroup plugin and corresponding test_netgroup_plugin Please verify that the items requested in #963 are now complete and please confirm that the corresponding tests all pass. One test fails: FAIL: test_netgroup[30]: netgroup_remove_member: Remove netgroup u'netgroup2' from netgroup u'netgroup1' Command ipa host-show still shows: Member of netgroups: testhostgroup Also a little bit of nitpicking, I think the changed code in chunk 2 would better look something like this: search_kw = {} search_kw['objectclass'] = ['mepManagedEntry'] if not options['private']: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE) else: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL) filter = ldap.combine_filters((local_filter, filter), rules=ldap.MATCH_ALL) -- Jan It was determined that the ipauniqueid is required for the DN on these objects. It's an ipaAssociation which uses it as the rdn, if we change the problems cascade This patch has now changed to reflect the optimization in the netgroup search instead. It provides a cleaner method of performing a netgroup search for native netgroups and allows for the --private search to only display the mepManagedEntry netgroups, rather than ALL netgroups. Previously --private would return ALL netgroups. This means there is no need to modify test_netgroup_plugin. Please verify that the optimization / bugfix passes the standard test_netgroup_plugin. freeipa-jraquino-0019-Cleanup-for-netgroup-search.patch Description: freeipa-jraquino-0019-Cleanup-for-netgroup-search.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 19 Cleanup for netgroup search
JR Aquino jr.aqu...@citrix.com wrote: On 2/17/11 3:23 AM, Jan Zelený jzel...@redhat.com wrote: JR Aquino jr.aqu...@citrix.com wrote: This patch fixes the netgroup plugin's behavior of adding duplicate entries when the managed entry plugin creates a netgroup with a mepManagedEntry This problem is documented in ticket: https://fedorahosted.org/freeipa/ticket/963 As noted by Endi for issue #3 in the History: 3. Just out of curiosity, I tried adding a netgroup with the same name as the hostgroup. I expected it to conflict with the managed netgroup, but it actually worked. Searching the directory will return 2 netgroups with the same name: Historically the netgroup plugin had inappropriately defined: rdn_attribute = 'ipauniqueid' This caused the ability of duplication with the creation of native netgroups using the ipaUniqueId as the DN and as the Managed Entry netgroups utilizing the cn as the DN. Patch includes adjustments for the netgroup plugin and corresponding test_netgroup_plugin Please verify that the items requested in #963 are now complete and please confirm that the corresponding tests all pass. One test fails: FAIL: test_netgroup[30]: netgroup_remove_member: Remove netgroup u'netgroup2' from netgroup u'netgroup1' Command ipa host-show still shows: Member of netgroups: testhostgroup Also a little bit of nitpicking, I think the changed code in chunk 2 would better look something like this: search_kw = {} search_kw['objectclass'] = ['mepManagedEntry'] if not options['private']: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE) else: local_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_ALL) filter = ldap.combine_filters((local_filter, filter), rules=ldap.MATCH_ALL) -- Jan It was determined that the ipauniqueid is required for the DN on these objects. It's an ipaAssociation which uses it as the rdn, if we change the problems cascade This patch has now changed to reflect the optimization in the netgroup search instead. It provides a cleaner method of performing a netgroup search for native netgroups and allows for the --private search to only display the mepManagedEntry netgroups, rather than ALL netgroups. Previously --private would return ALL netgroups. This means there is no need to modify test_netgroup_plugin. Please verify that the optimization / bugfix passes the standard test_netgroup_plugin. Ack Jan ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel