Bug 504659 - ipa CLI find, show and show --all commands are inconsistent for different objects
Product: freeIPA
Classification: Community
Component: ipa-admintools
All Linux
high Severity medium
: v2 release
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
Blocks: 431020
Reported: 2009-06-08 13:53 EDT by Jenny Galipeau
Modified: 2015-01-04 18:38 EST
Doc Type: Bug Fix
Last Closed: 2010-09-17 09:36:22 EDT

Description Jenny Galipeau 2009-06-08 13:53:49 EDT
Description of problem:

The ipa CLI find and show commands are inconsistent across the different objects. 

What is expected:

<object>-find command would simply return CN and DN; right now some return certain defined attributes.

<object>-show command would return all necessary defined attributes.

<object>-show --all command would return all defined attributes and objectclass

Some find commands return defined attributes and some include objectclasses

[root@jennyv2 jenny]# ipa group-find group1
  dn: cn=group1,cn=groups,cn=accounts,dc=bos,dc=redhat,dc=com
  cn: group1
  description: description
  objectclass: top
  objectclass: groupofnames
  objectclass: nestedGroup
  objectclass: ipaUserGroup

It is not documented anywhere as to what attributes (per object type) should be returned with the show command.  
Comment 1 Pavel Zuna 2009-11-23 08:37:17 EST
Right now, both *-show and *-find:

Without --all, return the most significant attributes for the object(s) being looked for (default_attributes).

With --all, return all attributes except those explicitly hidden (all, but those in hidden_attributes). objectClass is hidden by default. Why? Because the goal was to hide LDAP internals from the user, who doesn't care about the underlying protocols. This behaviour can be overridden by using --raw: return the entry AS IS - no aliases, no explicitly hidden attributes, no DN conversions.

Does that make sense? Or should we go back to --all means ALL (no explicitly hidden attributes)?

Example of how it works now:

# ./ipa user-show admin
User: admin
  user id: admin
  last name: Administrator
  home directory: /home/admin
  login shell: /bin/bash

# ./ipa user-show admin --raw
  dn: uid=admin,cn=users,cn=accounts,dc=pzuna
  uid: admin
  sn: Administrator
  homedirectory: /home/admin
  loginshell: /bin/bash

# ./ipa user-show admin --all
User: admin
  user id: admin
  full name: Administrator
  last name: Administrator
  home directory: /home/admin
  login shell: /bin/bash
  uid number: 999
  gid number: 1001
  gecos: Administrator
  kerberos principal: admin@PZUNA
  last password change: 20090904122852Z
  password expiration: 20091203122852Z
  member of groups: admins, group1
  member of netgroups: ahojnet
  member of taskgroups: ahojtask

# ./ipa user-show admin --all --raw
  dn: uid=admin,cn=users,cn=accounts,dc=pzuna
  uid: admin
  cn: Administrator
  sn: Administrator
  homedirectory: /home/admin
  loginshell: /bin/bash
  uidnumber: 999
  gidnumber: 1001
  gecos: Administrator
  krbprincipalname: admin@PZUNA
  krblastpwdchange: 20090904122852Z
  krbpasswordexpiration: 20091203122852Z
  memberof: cn=admins,cn=groups,cn=accounts,dc=pzuna
  memberof: ipauniqueid=e6f27dde-a416-11de-b3b5-54520012e7cb,cn=ng,cn=alt,dc=pzuna
  memberof: cn=ahojtask,cn=taskgroups,cn=accounts,dc=pzuna
  memberof: cn=group1,cn=groups,cn=accounts,dc=pzuna
  objectclass: top
  objectclass: person
  objectclass: posixaccount
  objectclass: krbprincipalaux
  objectclass: inetuser
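
Added example (not part of Comment 1 and not FreeIPA source code): a stand-alone Python model of the selection rules described in Comment 1, with a check of the invariants those rules imply for any object type. The function names, the `LABELS` table and the constants are hypothetical; the entry is a subset of the `user-show admin --all --raw` output above, and membership DN-to-name conversion is not modelled.

```python
# Added illustration: stand-alone model of the display rules in Comment 1.
# All names here are hypothetical; this is not FreeIPA source code.

# Subset of the `user-show admin --all --raw` output shown above.
ENTRY = {
    "dn": ["uid=admin,cn=users,cn=accounts,dc=pzuna"],
    "uid": ["admin"],
    "cn": ["Administrator"],
    "sn": ["Administrator"],
    "homedirectory": ["/home/admin"],
    "loginshell": ["/bin/bash"],
    "uidnumber": ["999"],
    "gidnumber": ["1001"],
    "objectclass": ["top", "person", "posixaccount", "krbprincipalaux", "inetuser"],
}
DEFAULT_ATTRIBUTES = ["uid", "sn", "homedirectory", "loginshell"]
HIDDEN_ATTRIBUTES = ["objectclass"]
# Aliases as they appear in the non-raw output above.
LABELS = {"uid": "user id", "cn": "full name", "sn": "last name",
          "homedirectory": "home directory", "loginshell": "login shell",
          "uidnumber": "uid number", "gidnumber": "gid number"}


def select_attributes(entry, show_all=False, raw=False):
    """Return the ordered (name, values) pairs that would be displayed."""
    if show_all:
        names = [a for a in entry if a != "dn"]
        if not raw:
            # --all alone still drops explicitly hidden attributes.
            names = [a for a in names if a not in HIDDEN_ATTRIBUTES]
    else:
        names = [a for a in DEFAULT_ATTRIBUTES if a in entry]
    if raw:
        # --raw: LDAP attribute names, no aliases, dn listed first.
        return [("dn", entry["dn"])] + [(a, entry[a]) for a in names]
    return [(LABELS.get(a, a), entry[a]) for a in names]


def consistent(entry):
    """Check the invariants implied by Comment 1's rules for one entry."""
    plain = {n for n, _ in select_attributes(entry)}
    full = {n for n, _ in select_attributes(entry, show_all=True)}
    full_raw = {n for n, _ in select_attributes(entry, show_all=True, raw=True)}
    hidden_labels = {LABELS.get(h, h) for h in HIDDEN_ATTRIBUTES}
    return (plain <= full                    # --all only ever adds attributes
            and not (full & hidden_labels)   # hidden attributes require --raw
            and set(HIDDEN_ATTRIBUTES) <= full_raw)
```

Running `consistent()` over a sample entry of each object type (user, group, and so on), each with its own default and hidden lists, gives the per-object consistency check the bug asks for.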
Comment 2 Dmitri Pal 2009-11-23 09:00:57 EST
Current approach seems reasonable if it is consistent across all objects. I think the bug is more about consistency. Pavel, are there any violations of the rules described above? If not, and everything is consistent, I think we can close this bug. But if there is an inconsistency with the described rule, we need to fix it. Jenny, do you agree?
Comment 4 Jenny Galipeau 2010-09-17 09:25:08 EDT
I see this is modified, but no changes made?  Should we just close this current release?  I just double checked and the output now seems to be consistent.  If there are any specific issues found, we can open bugs to address them.
Comment 5 Rob Crittenden 2010-09-17 09:30:07 EDT
I set it to modified so that you'd take another look at it to be sure it was working as expected. I suppose I could have left a message to that effect...
Comment 6 Jenny Galipeau 2010-09-17 09:36:22 EDT
okay .. closing current release :)
