commit 8d00d7c on 5/23/2012 added a new test for enforcing sizelimits. The expect value for memberindirect in the 'Search for permissions by attr with a limit of 1 (truncated)' test is incorrect. The HBAC Administrator should not be an indirect member, it's a direct member.
'memberindirect': [u'cn=hbac administrator,cn=privileges,cn=pbac,%s' % api.env.basedn, u'cn=it security specialist,cn=roles,cn=accounts,%s' % api.env.basedn],
It's failing because of this logic in ldap2 get_members
for e in results: if unicode(e[0]) not in real_members and unicode(e[0]) not in entries: if membertype == MEMBERS_INDIRECT: entries.append(e[0])
because real_members (i.e. direct members) is
cn=HBAC Administrator,cn=privileges,cn=pbac
and results contains:
'cn=hbac administrator,cn=privileges,cn=pbac
Note this is only a difference in case. It should have seen the real_member was already present and not added it, but the test failed because of case sensitivity.
This showed up after the DN conversion work which is case-preserving but uses case-insenstive comparison which correctly prevented adding a direct member to an indirect member list. The fix is to remove the extraneous indirect member from the expected result.
attachment freeipa-rcrit-1035-member.patch
commit 94d457e
Metadata Update from @jdennis: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Beta 2
Login to comment on this ticket.