[Freeipa-devel] new ldap backend

Jason Gerard DeRose jderose at redhat.com
Thu Mar 26 06:21:31 UTC 2009 

On Tue, 2009-03-24 at 18:24 +0100, Pavel Zuna wrote:
> Dear freeipa-devel,
> here's the current state of the new LDAP backend, that will hopefully replace 
> the old one someday. If you find something wrong with the functionality or 
> interface, please tell me. Even if you spot a typo, or just don't like my coding 
> style - anything that helps me make it better is welcome.
> 
> I also included a (dirty) testing module for reference. It might give you a 
> better understanding of how the code should actually work in action.
> 
> Thanks,
> Pavel

This code is really looking good, Pavel!  A lot of it is beyond my LDAP
knowledge, so I can't comment on many of the particulars, but I do have
some overall comments.

1. Make sure consumers of the API don't need to import the python-ldap
bindings... I see a few places where the you're using constants from
_ldap (like in find_entries() line 382).  I think it might be better to
have these constants be specified with a str like 'subtree' instead of
_ldap.SCOPE_SUBTREE (using a private dict to map to the python-ldap
constant).  If you don't like this idea, feel free to argue the point,
but that's my gut feeling.

2. Look for places where you can write tests that don't required
connecting to a live LDAP server, and put these in the unit-tests in
tests/.  The more easy-to-run (non-invasive) tests we have the better.
(Although most of your tests will necessarily be invasive, like the ones
you already have in check-ldap2.py). 

I think this code is ready for the next step: I think you should submit
a patch, we'll get this into master, and then you should port a small
number of command plugins (that talk to LDAP) to use ldap2.  I think the
user commands would probably be a good choice.  Then you can go through
a number of iterations in refining the new API, while only needing to
update several reference commands that are using ldap2.  Then once
everyone feels ldap2 is ready, we can port all the commands to use it.

I think you're on the right track and this looks like high quality code.
Thanks for all your work!

Cheers,
Jason

More information about the Freeipa-devel mailing list