First Last Prev Next    This bug is not in your last search results.
Bug 32581 - Hook support for ldap-group-to-file.py
Hook support for ldap-group-to-file.py
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: PAM
UCS 3.1
Other Linux
: P5 enhancement (vote)
: UCS 3.2
Assigned To: Stefan Gohmann
Philipp Hahn
: interim-2
Depends on:
Blocks: 32683
  Show dependency treegraph
 
Reported: 2013-09-13 09:04 CEST by Stefan Gohmann
Modified: 2013-11-19 06:42 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
ldap-group-to-file.py (4.83 KB, text/plain)
2013-09-24 11:58 CEST, Philipp Hahn 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2013-09-13 09:04:18 CEST 
We should add a simple hook mechanism for ldap-group-to-file.py. We have often the problem that we need all members of a group including groups in groups.

With such a mechanism we could simple add a script which reads all group members with 'getent group grp'.
Comment 1 Stefan Gohmann univentionstaff 2013-09-13 09:04:42 CEST 
Needed for Bug #29710
Comment 2 Stefan Gohmann univentionstaff 2013-09-13 16:31:32 CEST 
fixed

root@master151:~# echo -e '#!/bin/sh\necho "TEST"' >/var/lib/ldap-group-to-file-hooks.d/test
root@master151:~# chmod +x /var/lib/ldap-group-to-file-hooks.d/test
root@master151:~# /usr/lib/univention-pam/ldap-group-to-file.py --verbose
Found 39 ldap groups
The file /var/lib/extrausers/group was created.
run-parts: executing /var/lib/ldap-group-to-file-hooks.d/admingrp-user-passwordreset
run-parts: executing /var/lib/ldap-group-to-file-hooks.d/test
TEST
root@master151:~# 


Code: r43995
Test Case: r44042
Changelog: r44041
Comment 3 Philipp Hahn univentionstaff 2013-09-24 11:56:40 CEST 
FAIL: r43995
+                       stdout_pipe = subprocess.PIPE
+                       stderr_pipe = subprocess.PIPE
+               p = subprocess.Popen(... stdout=stdout_pipe, stderr=stderr_pipe)
+               returncode = p.wait()

<http://docs.python.org/2.6/library/subprocess.html#subprocess.Popen.wait>

Either use os.path.devnull or communicate(); first one is preferred.

And please move the whole addition into a separate function and call it from the __main__ CLOB.


OK: Otherwise works as expected.
OK: ChangeLog

FYI: The recursion prevention looks fishy; see attached version for some cleanups.
Comment 4 Philipp Hahn univentionstaff 2013-09-24 11:58:56 CEST 
Created attachment 5465 [details]
ldap-group-to-file.py

1. Use /dev/null instead of PIPE
2. Don't use deprecated string module
3. Split into smaller functions
4. Log to STDERR
5. Really prevent recursively double resolving the same group
Comment 5 Stefan Gohmann univentionstaff 2013-09-24 13:29:38 CEST 
With r44423 I changed the code to use os.path.devnull and a separate function for the hook handling.

(In reply to Philipp Hahn from comment #3)
> FYI: The recursion prevention looks fishy; see attached version for some
> cleanups.

If we have a problem please create a new bug. I won't change it with this bug.
Comment 6 Philipp Hahn univentionstaff 2013-09-24 17:18:38 CEST 
OK: r44423,44436
OK: /usr/lib/univention-pam/ldap-group-to-file.py --file /tmp/tmp
OK: /usr/lib/univention-pam/ldap-group-to-file.py --file /tmp/tmp --verbose
OK: 7.0.3-2.221.201309241707
Comment 7 Stefan Gohmann univentionstaff 2013-11-19 06:42:50 CET 
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".
First Last Prev Next    This bug is not in your last search results.