On Wed, 2009-11-04 at 17:32 +0100, Sumit Bose wrote:
> On Mon, Nov 02, 2009 at 05:28:20PM +0100, Sumit Bose wrote:
> > Hi,
> >
> > this is the first part of the access target of the IPA provider. It is
> > not complete but I thought it might be easier to review if the next
> > features are coming in smaller patches. Currently the service and user
> > data of the HBAC rules are evaluated.
> >
> > If you want to test it you need a current IPA v2 server together with
> > some uncommitted patches, namely
> > - [PATCH] Make ldap2.convert_attr_synonyms more robust against schema
> >   lookup fails.
> > - [Freeipa-devel] [PATCH] Handle ipaEnabledFlag as bool (TRUE/FALSE)
> >   instead of string (enabled/disabled).
> >
> > and if you use 1.9.0
> > - [Freeipa-devel] [PATCH] 303 proper syntax for fqdn
> >
> > bye,
> > Sumit
>
> Hi,
>
> this is a new version which addresses a couple of issues which were
> discussed on irc, namely
>
> - output variables after input variable in evaluate_ipa_hbac_rules()
> - use the same context as the id provider to save the second LDAP
>   connection
> - store the original memberOf attributes as origMemberOf in sysdb

Looks good to me.
The only thing is that I have defined SYSDB_ORIG_MEMBEROF
"originalMemberOf" in my recent patches. I guess you should use that one
instead of IPA_HOST_ORIGMEMBEROF.

Simo.

--
Simo Sorce * Red Hat, Inc * New York