Univention Bugzilla – Bug 38712
univention-policy-result != univention.uldap.getPolicies()
Last modified: 2015-07-03 14:10:47 CEST
Created attachment 6964 [details] Fix base/univention-python/modules/uldap.py getPolicies() The Python implementation "univention.uldap.getPolicies()" returns a different result than the C implementation "univention-policy-result". -+-- base ++- container <<< POLICY[requiredObjectClasses=object] +- object - base/univention-policy/lib/policy.c walks path from the object *up* to the root of the tree, and checks the policies against the *requested* object, e.g. POLICY(object)! - base/univention-python/modules/uldap.py walks the path from the root of the tree *down* to the object, and checks the policy against the *currently processed* object, e.g. POLICY(container)! +++ This bug was initially created as a clone of Bug #38663 +++
r61276 | Bug #38663 ucs-test: UDM CLI tests r61275 | Bug #38663 ucs-test: Copyright 2015 r61274 | Bug #38712 Python: Fix policy_result Fixed Python implementation to use same order as the C implementation. ucs-test/tests/59_udm/* shows 4 differences: 01_requiredObjectClasses: were applied to wrong tree level object 02_prohibitedObjectClasses: were applied to wrong tree level object 03_ldapFilter: was applied to wrong tree level object 04_fixedAttributes: OKAY 05_emptyAttributes: returned wrong parent policy instead of more specific policy Package: univention-python Version: 8.0.3-6.153.201506161253 Branch: ucs_4.0-0 Scope: errata4.0-2 Package: ucs-test Version: 5.0.148-18.1062.201506161256 Branch: ucs_4.0-0 Scope: errata4.0-2 r61277 | Bug #38712 univention-python: YAML 2015-06-05-univention-python.yaml
r61342 | Bug #38712 Python: Fix python2.7 set() syntax Package: univention-python Version: 8.0.3-7.154.201506171812 Branch: ucs_4.0-0 Scope: errata4.0-2 r61346 | Bug #38712 Python: Fix python2.7 set() syntax YAML 2015-06-05-univention-python.yaml
Please also adapt line 398 and 418.
(In reply to Florian Best from comment #3) > Please also adapt line 398 and 418. r61347 | Bug #38712 Python: Fix python2.7 set() syntax Package: univention-python Version: 8.0.3-8.155.201506172117 Branch: ucs_4.0-0 Scope: errata4.0-2 r61348 | Bug #38712 Python: Fix python2.7 set() syntax YANK 2015-06-05-univention-python.yaml
The format looks different: C implementation: root@master70:~# univention-policy-result -D cn=master70,cn=dc,cn=computers,dc=nstx,dc=local -y /etc/machine.secret cn=master70,cn=dc,cn=computers,dc=nstx,dc=local | grep Attribute | sort | uniq Attribute: univentionCronActive Attribute: univentionDhcpDomainName Attribute: univentionDhcpDomainNameServers Attribute: univentionInstallationShutdown Attribute: univentionInstallationStartup Attribute: univentionPWHistoryLen Attribute: univentionPWLength Attribute: univentionRegistry;entry-hex-626172 Attribute: univentionRegistry;entry-hex-62617a Attribute: univentionRegistry;entry-hex-666f6f Attribute: univentionUpdateActivate Before patch: root@master70:~# python -c "import univention.uldap;lo=univention.uldap.getMachineConnection(); print sorted(__import__('itertools').chain(*[x.keys() for x in lo.getPolicies('cn=master70,cn=dc,cn=computers,dc=nstx,dc=local').values()]))" ['univentionCronActive', 'univentionDhcpDomainName', 'univentionDhcpDomainNameServers', 'univentionInstallationShutdown', 'univentionInstallationStartup', 'univentionPWHistoryLen', 'univentionPWLength', 'univentionUpdateActivate'] After patch: root@master70:~# python -c "import univention.uldap;lo=univention.uldap.getMachineConnection(); print sorted(__import__('itertools').chain(*[x.keys() for x in lo.getPolicies('cn=master70,cn=dc,cn=computers,dc=nstx,dc=local').values()]))" ['univentionCronActive', 'univentionInstallationShutdown', 'univentionInstallationStartup', 'univentionUpdateActivate'] → There are some keys missing.
Patch in line 382 of uldap.py: - parent = self.get(dn, ['univentionPolicyReference']) + parent = self.get(dn) I think it should be fine after this patch?!
(In reply to Florian Best from comment #6) > Patch in line 382 of uldap.py: > - parent = self.get(dn, > ['univentionPolicyReference']) > + parent = self.get(dn) > > I think it should be fine after this patch?! Thanks for the hint/patch. Implemented differently using exception. r61500 | Bug #38663 UDM: LDAP policy inheritance ucs-test/tests/59_udm/06_inhertiance r61499 | Bug #38712 policy: Fix policy inheritance univention-python/modules/uldap.py Package: univention-python Version: 8.0.3-9.156.201506260831 Branch: ucs_4.0-0 Scope: errata4.0-2 r61501 | Bug #38712 policy: Fix policy inheritance YAML 2015-06-05-univention-python.yaml Package: ucs-test Version: 5.0.148-25.1067.201506260834 Branch: ucs_4.0-0 Scope: errata4.0-2
r61539 | Bug #38663 test: Use udm-test for != DC_Master/Backup r61541 | Bug #38712 test: Use policy ihertitance tests Package: ucs-test Version: 5.0.148-27.1069.201506291010 Branch: ucs_4.0-0 Scope: errata4.0-2
OK: The python implementation seems to be equal to the C implementation now (except 'break' instead of 'continue' if the parent object was not found). OK: YAML OK: ucs-test
<http://errata.univention.de/ucs/4.0/222.html>