[IPA] SID allocation using DNA plugin
Andrew Bartlett
abartlet at samba.org
Wed Nov 4 15:30:51 MST 2009
On Wed, 2009-11-04 at 17:07 -0500, Endi Sukma Dewata wrote:
> Andrew,
>
> Attach is another patch for the other problem I found during
> provisioning. The relax control wasn't defined in the list
> so the ldap_encode() failed and the request was never sent
> to FDS.
OK. The patch's comment is incorrect however - it does have a network
representation - it is a well-known and well-defined OID for LDAP
network operations.
> I also found another problem in the provisioning tool. The script
> invokes post_setup() to execute additional backend-specific tasks:
>
> provision_backend.post_setup()
>
> For FDS, the post_setup is configured as follows:
>
> result.post_setup = fds_post_setup
>
> The fds_post_setup() is defined within provision_fds_backend()
> as follows:
>
> def fds_post_setup(self):
>
> The provision_fds_backend() itself is not a member function, so
> the self parameter is considered a regular parameter, not a pointer
> to the object, so this invocation fails because it's missing an
> argument:
>
> provision_backend.post_setup()
Ahh, oops :-)
(Clearly I've not tested this. Sorry).
> I think ideally this problem should be addressed using polymorphism
> instead of function pointer. So we need to create 2 subclasses of
> the ProvisionBackend called OpenLDAPBackend and FDSBackend. The
> base class should include an empty post_setup() and this should be
> overriden in the FDSBackend. In the main code the code should
> instantiate the class as follows:
>
> if backend_type == "fedora-ds":
> provision_backend = FDSBackend(...)
>
> if backend_type == "openldap":
> provision_backend = OpenLDAPBackend(...)
>
> provision_backend.post_setup()
>
> We could also do this on other parts of the code to cleanly separate
> FDS and OpenLDAP code. What do you think?
Yes, this is the approach I was trying to head towards. Just make sure
we don't run the LDB specific functions when we are trying to use
OpenLDAP or Fedora DS.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091105/a79462e3/attachment.pgp>
More information about the samba-technical
mailing list