[Freeipa-devel] [PATCH 72] Validate DN & RDN parameters for migrate command
Martin Kosek
mkosek at redhat.com
Thu Apr 12 08:17:50 UTC 2012
On Wed, 2012-04-11 at 22:05 -0400, John Dennis wrote:
> Revised patch attached. We'll leave the DN parameter changes till later.
> This is essentially the same as the original patch with the addition of
> the fixes necessary to support passing an empty container arg, an issue
> Martin discovered in his review. FWIW the answer was not to make the
> param required (actually it would have been adding the flag 'nonempty')
> because you should be able to say you don't want to introduce a
> container into the search bases (see commit comment)
>
I don't agree with the removal of default values for the containers and
allowing an empty value for them. Please, see my reasoning:
1) I don't think its unlikely to have ou=People and ou=groups as
containers for users/groups as they are default containers in fresh LDAP
installs. I think most of the small LDAP deployments will use these
values.
2) I am also not sure if somebody would want to pass empty user and
group container. Users and groups won't be shared in the same container
and since we search with _ldap.SCOPE_ONELEVEL the migration would not
find users or groups in containers nested under the search base anyway.
Martin
More information about the Freeipa-devel
mailing list