#50717 Issue 50644 - fix regression with creating sample entries
Closed 2 years ago by spichugi. Opened 2 years ago by mreynolds.
mreynolds/389-ds-base fixSampleEntries  into  master

@@ -24,14 +24,7 @@ 

  

      # All checks done, apply!

      def _apply(self):

-         suffix_obj = self._configure_base()

-         # Create the base object

-         suffix_obj.add('aci', [

-             # Allow reading the base domain object

-             '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

-             # Allow reading the ou

-             '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

-         ])

+         self._configure_base()

  

          # Create the 389 service container

          # This could also move to be part of core later ....

@@ -25,14 +25,7 @@ 

  

      # All checks done, apply!

      def _apply(self):

-         suffix_obj = self._configure_base()

-         # Create the base domain object

-         suffix_obj.add('aci', [

-             # Allow reading the base domain object

-             '(targetattr="dc || description || objectClass")(targetfilter="(objectClass=domain)")(version 3.0; acl "Enable anyone domain read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

-             # Allow reading the ou

-             '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

-         ])

+         self._configure_base()

  

          # Create the 389 service container

          # This could also move to be part of core later ....

@@ -78,7 +78,6 @@ 

      cn.create(properties={

          # I think in python 2 this forces unicode return ...

          'cn': cn_ava,

-         'description': basedn,

      })

  

      return cn
@@ -94,7 +93,7 @@ 

      def apply(self):

          self._apply()

  

-     def _configure_base(self):

+     def _configure_base(self, add_acis=True):

          suffix_rdn_attr = self._basedn.split('=')[0].lower()

          suffix_obj = None

          if suffix_rdn_attr == 'dc':
@@ -113,6 +112,13 @@ 

              # Unsupported rdn

              raise ValueError("Suffix RDN is not supported for creating sample entries.  Only 'dc', 'o', 'ou', and 'cn' are supported.")

  

+         if add_acis:

+             suffix_obj.add('aci', [

+                 # Allow reading the base domain object

+                 '(targetattr="' + aci_vals[0] + ' || description || objectClass")(targetfilter="(objectClass=' + aci_vals[1] + ')")(version 3.0; acl "Enable anyone ' + aci_vals[1] + ' read"; allow (read, search, compare)(userdn="ldap:///anyone");)',

+                 # Allow reading the ou

+                 '(targetattr="ou || objectClass")(targetfilter="(objectClass=organizationalUnit)")(version 3.0; acl "Enable anyone ou read"; allow (read, search, compare)(userdn="ldap:///anyone");)'

+             ])

          return suffix_obj

  

      def _apply(self):

Bug Description:

The previous commit for this issue missed how the aci's were were being adjusted for each type of different suffix rdn.

Fix Description:

I just moved the aci creation into the base object creation code where all the info needed was readily available.

relates: https://pagure.io/389-ds-base/issue/50644

Thanks @mreynolds I have no idea how we trod on each other here as I tried to be careful of your changes :( ack from me.

rebased onto f90077f

2 years ago

Thanks @mreynolds I have no idea how we trod on each other here as I tried to be careful of your changes :( ack from me.

No worries, I mean I reviewed the patch and missed it too

Pull-Request has been merged by mreynolds

2 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3772

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

2 years ago