[Freeipa-devel] [PATCH] Add fail-safe defaults to time and size limits in ldap2 searches.
Rob Crittenden
rcritten at redhat.com
Wed Oct 20 21:42:58 UTC 2010
Pavel Zuna wrote:
> On 10/14/2010 03:30 PM, Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> There was no default value set even though we were using config.get and
>>> it was throwing exceptions if someone deleted one of the related config
>>> values.
>>>
>>> Pavel
>>
>> Is this needed since get_ipa_config() will always return something for
>> time and search limits?
>>
>> rob
>
> Yes, because get_ipa_config will return defaults for time and search
> limits only when the whole ipaConfig entry isn't found.
>
> I reworked the patch, so that defaults are always returned by
> get_ipa_config, but I left changes from the previous version, because it
> doesn't hurt anything and is a (very little) bit safer.
>
> New version attached.
>
> Pavel
I see your point. One can do 'ipa config-mod --searchtimelimit=` and
blam, everything stops working. This still seems like a bit of a
cover-up fix for that. Should we prevent these attributes from being
removed?
rob
More information about the Freeipa-devel
mailing list