freeipa

Clone
Source Code
GIT

#1675 Missing "managing hosts" options.
Closed: Fixed None Opened 12 years ago by edewata.

Closed: Fixed
Reopen Issue

The host plugin does define a "managing" attribute, but it seems to be incomplete so the following options are missing:

  --man-hosts=LIST      Search for hosts with these managing hosts.
  --not-man-hosts=LIST  Search for hosts without these managing hosts.

These options do appear after adding "managing" into the default_attributes and host_find's member_attributes, but they don't seem to be working correctly. The --man-hosts will always return empty, and the --not-man-hosts will always return everything. So there might be some other issues.

These options would be useful for the UI when adding "Managed by Hosts". The --not-man-hosts option can be used to find hosts that have not already been managing the current host, thus avoiding duplicates.

This issue is not that straightforward. As "managing" attribute is not stored in LDAP but is generated on-the-fly in our framework, we cannot simply use it in LDAP search. I wonder if we should really fix this.

I am also lowering the priority of this ticket. I don't think it has "major" impact on FreeIPA.

Replying to [comment:4 mkosek]:

This issue is not that straightforward. As "managing" attribute is not stored in LDAP but is generated on-the-fly in our framework, we cannot simply use it in LDAP search. I wonder if we should really fix this.

I am also lowering the priority of this ticket. I don't think it has "major" impact on FreeIPA.

Those options are useful for the UI.
They are not the only ones that are created on the fly. I am fine with moving it to December but IMO this is something that we should fix as it is a valuable feature of IPA that we want to expose in the UI.

The UI already has a way to filter out the hosts that are managing the host being edited by comparing them one-by-one on the browser side with the managedby attribute. If the total number of hosts is not too big this mechanism should be sufficient. But if there is a huge number of hosts it would be better to filter it on the server side using the --not-man-hosts.

Replying to [comment:5 dpal]:

Those options are useful for the UI.
They are not the only ones that are created on the fly. I am fine with moving it to December but IMO this is something that we should fix as it is a valuable feature of IPA that we want to expose in the UI.

Ok, lets do it then! This will lead to 2 LDAP calls in host-find, but I think it should still be OK (since this is a on-demand option). This is how this should work:

  1. Search for all HOSTS passed by ipa host-find --man-hosts=HOSTS ...
  2. Read their managedBy attributes to MAN_HOSTS

  3. Do the actual LDAP search wanted by host-find and use MAN_HOSTS as a filter

  4. and 2. will be be done in pre_callback

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=783285

master:

ipa-2-2:

UI fix:

Metadata Update from @edewata:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/01
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=783285
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.