[IPA] SID allocation using DNA plugin

Andrew Bartlett abartlet at samba.org
Wed Nov 4 15:30:51 MST 2009 

On Wed, 2009-11-04 at 17:07 -0500, Endi Sukma Dewata wrote:
> Andrew,
> 
> Attach is another patch for the other problem I found during
> provisioning. The relax control wasn't defined in the list
> so the ldap_encode() failed and the request was never sent
> to FDS.

OK.  The patch's comment is incorrect however - it does have a network
representation - it is a well-known and well-defined OID for LDAP
network operations. 

> I also found another problem in the provisioning tool. The script
> invokes post_setup() to execute additional backend-specific tasks:
> 
>     provision_backend.post_setup()
> 
> For FDS, the post_setup is configured as follows:
> 
>     result.post_setup = fds_post_setup
> 
> The fds_post_setup() is defined within provision_fds_backend()
> as follows:
> 
>     def fds_post_setup(self):
> 
> The provision_fds_backend() itself is not a member function, so
> the self parameter is considered a regular parameter, not a pointer
> to the object, so this invocation fails because it's missing an
> argument:
> 
>     provision_backend.post_setup()

Ahh, oops :-)

(Clearly I've not tested this.  Sorry). 

> I think ideally this problem should be addressed using polymorphism
> instead of function pointer. So we need to create 2 subclasses of
> the ProvisionBackend called OpenLDAPBackend and FDSBackend. The
> base class should include an empty post_setup() and this should be
> overriden in the FDSBackend. In the main code the code should
> instantiate the class as follows:
> 
>     if backend_type == "fedora-ds":
>         provision_backend = FDSBackend(...)
> 
>     if backend_type == "openldap":
>         provision_backend = OpenLDAPBackend(...)
> 
>     provision_backend.post_setup()
> 
> We could also do this on other parts of the code to cleanly separate
> FDS and OpenLDAP code. What do you think?

Yes, this is the approach I was trying to head towards.  Just make sure
we don't run the LDB specific functions when we are trying to use
OpenLDAP or Fedora DS. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091105/a79462e3/attachment.pgp>

More information about the samba-technical mailing list