Bug 504659
| Summary: | ipa CLI find, show and show --all commands are inconsistent for different objects | ||
|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Jenny Severance <jgalipea> |
| Component: | ipa-admintools | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 2.0 | CC: | benl, dpal, jgalipea, mgregg, pzuna |
| Target Milestone: | v2 release | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-09-17 13:36:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 431020 | ||
|
Description
Jenny Severance
2009-06-08 17:53:49 UTC
Right now, both *-show and *-find: Without --all, return the most significant attributes for the object(s) being looked for (default_attributes). With --all, return all attributes except those explicitly hidden (all, but those in hidden_attributes). objectClass is hidden by default. Why? Because the goal was to hide LDAP internals from the user, who doesn't care about the underlying protocols. This behaviour can be overridden by using --raw: return the entry AS IS - no aliases, no explicitly hidden attributes, no DN conversions. Does that make sense? Or should we go back to --all means ALL (no explicitly hidden attributes)? Example of how it works now: # ./ipa user-show admin ---------- user-show: ---------- User: admin user id: admin last name: Administrator home directory: /home/admin login shell: /bin/bash # ./ipa user-show admin --raw ---------- user-show: ---------- dn: uid=admin,cn=users,cn=accounts,dc=pzuna uid: admin sn: Administrator homedirectory: /home/admin loginshell: /bin/bash # ./ipa user-show admin --all ---------- user-show: ---------- User: admin user id: admin full name: Administrator last name: Administrator home directory: /home/admin login shell: /bin/bash uid number: 999 gid number: 1001 gecos: Administrator kerberos principal: admin@PZUNA last password change: 20090904122852Z password expiration: 20091203122852Z member of groups: admins, group1 member of netgroups: ahojnet member of taskgroups: ahojtask # ./ipa user-show admin --all --raw ---------- user-show: ---------- dn: uid=admin,cn=users,cn=accounts,dc=pzuna uid: admin cn: Administrator sn: Administrator homedirectory: /home/admin loginshell: /bin/bash uidnumber: 999 gidnumber: 1001 gecos: Administrator krbprincipalname: admin@PZUNA krblastpwdchange: 20090904122852Z krbpasswordexpiration: 20091203122852Z memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna memberof: ipauniqueid=e6f27dde-a416-11de-b3b5-54520012e7cb,cn=ng,cn=alt,dc=pzuna memberof: cn=ahojtask,cn=taskgroups,cn=accounts,dc=pzuna memberof: cn=group1,cn=groups,cn=accounts,dc=pzuna objectclass: top objectclass: person objectclass: posixaccount objectclass: krbprincipalaux objectclass: inetuser Current approach seems reasonable if it is consistent across all objects. I think the bug is more about consistency. Pavel, are there any violations to the rules described above? If not and everything consistent I think we can close this bug. But if there is inconsistency to the described rule we need to fix it. Jenny do you agree? I see this is modified, but no changes made? Should we just close this current release? I just double checked and the output now seems to be consistent. If there are any specific issues found, we can open bugs to address them. I set it to modified so that you'd take another look at it to be sure it was working as expected. I suppose I could have left a message to that effect... okay .. closing current release :) |