[Da-tools-discuss] Some ud-ldap patches

Peter Palfrader weasel at debian.org
Sat May 9 08:32:25 UTC 2009


On Sat, 09 May 2009, Stephen Gran wrote:
> +
> +   status = GetAttr(DnRecord,"accountStatus", None)
> +   if status is None:
> +      return False
> +
> +   if status.find("inactive") != -1:
> +      return True
> +
> +   if status.find("memorial") != -1:
> +      return True
> +
> +   if status.find("retiring") != -1:
> +      line = status.split()
> +      # We'll give them a few extra days over what we said

Substring matches probably are not the best thing to use here.  Can we
just split the status into two strings, "status" and "date" like you
did for the retiring case anyway and use that?


> +      if IsRetired(x):
> +         continue
> +

> +      if IsRetired(x):
> +         continue
> +

> +      if IsRetired(x):
> +         continue
> +

>     for x in PasswdAttrs:
> +      if IsRetired(x):
> +         continue
> +

...
...
..

Somehow this seems wrong.  Just like the thing were we check if a
password is locked a gazillian times.  Or the thing where we check if
the uid is root.  Or the thing where we check if lengths are above a
certain boundary.

This isn't your fault of course, but while we're it we should fix this.
Mabye filtering them all in one place, and one place only.

Without looking at the code all too closely, or at all, I can see a few
lists we would want to end up with:

- all users, with the exception of uid=0 and too long values for some
  things.  This sanitizing step should be applied to the password list
  immediately when we fetch it from ldap, and should be the basis for
  all other lists.
- everybody who should get listed in the email forward.  That's
  basically everyone who is not IsRetired().
- everybody whose account is not locked.

-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/



More information about the Da-tools-discuss mailing list