Not all fields are returned. Notice, for example, that Title is missing.
request is {"method":"user_show","params":[["admin"],{"all":true,"rights":true}],"id":2}
fragment of response result": { "attributelevelrights": { "aci": "rscwo", "cn": "rscwo", "description": "rscwo", "gecos": "rscwo", "gidnumber": "rscwo", "homedirectory": "rscwo", "inetuserhttpurl": "rscwo", "inetuserstatus": "rscwo", "ipauniqueid": "rsc", "krbcanonicalname": "rscwo", "krbextradata": "rscwo", "krblastfailedauth": "rscwo", "krblastpwdchange": "rscwo", "krblastsuccessfulauth": "rscwo", "krbloginfailedcount": "rscwo", "krbmaxrenewableage": "rscwo", "krbmaxticketlife": "rscwo", "krbpasswordexpiration": "rscwo", "krbprincipalaliases": "rscwo", "krbprincipalexpiration": "rscwo", "krbprincipalkey": "wo", "krbprincipalname": "rscwo", "krbprincipaltype": "rscwo", "krbpwdhistory": "rscwo", "krbpwdpolicyreference": "rscwo", "krbticketflags": "rscwo", "krbticketpolicyreference": "rscwo", "krbupenabled": "rscwo", "loginshell": "rscwo", "memberof": "rsc", "mepmanagedentry": "rscwo", "nsaccountlock": "rscwo", "objectclass": "rscwo", "seealso": "rscwo", "sn": "rscwo", "telephonenumber": "rscwo", "uid": "rscwo", "uidnumber": "rscwo", "userpassword": "wo" },
We're going to need to pass the list of desired attributes to the GER call.
This is because the admin user has a slightly reduced set of objectclasses than a typical user. The question is whether we want to add the missing objectclasses. I'm not sure things like title make sense for what is essentially a root user.
I'm open to suggestions.
I think we explicitly omitted the person objectclass and derivatives to avoid having "admin" show up as a contact when people attach to the LDAP server to use it as a people directory.
The reason is that admin is just an administrative user and not a real user, so all the additional information that pertains to a person is meaningless here.
I think we must cope with users not having all the attributes we want, and just do our best with what is available. This is because a user may add a new plugin that adds new data to some user, but the admin may decide not to touch old existing users. So coping with users that have different sets of objectclasses/attributes should be supported.
As per my comment #1, I checked the original bug reports on DS and found that I had actually requested that we get a list of all possible attributes when searching on "*" which we do, so if an attribute doesn't show up it is either operational or not available.
Metadata Update from @admiyo: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.0 - 2010/11
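The handling discussed in this thread, as an added example that is not part of the ticket or of FreeIPA's code: it decodes an `attributelevelrights` map and treats an attribute that is absent from it (such as Title for admin) as not editable. The function names are hypothetical and the sample map is a constructed subset of the fragment quoted above.

```python
# Rights letters in attribute-level GER (Get Effective Rights) results.
RIGHTS = {"r": "read", "s": "search", "c": "compare", "w": "write", "o": "delete"}

# Constructed sample: a subset of the "attributelevelrights" fragment in the ticket.
SAMPLE_ALR = {
    "cn": "rscwo",
    "ipauniqueid": "rsc",
    "memberof": "rsc",
    "krbprincipalkey": "wo",
    "userpassword": "wo",
    "uid": "rscwo",
}


def decode(flags):
    """Expand a rights string such as "rscwo" into a set of right names."""
    return {RIGHTS.get(f, "unknown:" + f) for f in flags}


def rights_for(alr, wanted):
    """Map each wanted attribute to its decoded rights, or None if GER did
    not return it. LDAP attribute names are case-insensitive, so the lookup
    is done on lowercased names."""
    lowered = {name.lower(): flags for name, flags in alr.items()}
    return {
        attr: decode(lowered[attr.lower()]) if attr.lower() in lowered else None
        for attr in wanted
    }


def missing(alr, wanted):
    """Wanted attributes that GER did not report for this entry."""
    return sorted(a for a, r in rights_for(alr, wanted).items() if r is None)


def editable(alr, wanted):
    """Attributes a client may offer for editing. An attribute missing from
    the GER result is never editable (fail closed)."""
    return sorted(a for a, r in rights_for(alr, wanted).items() if r and "write" in r)


def write_only(alr, wanted):
    """Attributes that can be set but not read back, e.g. password material."""
    return sorted(
        a for a, r in rights_for(alr, wanted).items()
        if r and "write" in r and "read" not in r
    )
```
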