[Freeipa-devel] [PATCH 72] Validate DN & RDN parameters for migrate command

[Martin Kosek]

On Wed, 2012-04-11 at 22:05 -0400, John Dennis wrote:
> Revised patch attached. We'll leave the DN parameter changes till later. 
> This is essentially the same as the original patch with the addition of 
> the fixes necessary to support passing an empty container arg, an issue 
> Martin discovered in his review. FWIW the answer was not to make the 
> param required (actually it would have been adding the flag 'nonempty') 
> because you should be able to say you don't want to introduce a 
> container into the search bases (see commit comment)
> 

I don't agree with the removal of default values for the containers and
allowing an empty value for them. Please, see my reasoning:

1) I don't think its unlikely to have ou=People and ou=groups as
containers for users/groups as they are default containers in fresh LDAP
installs. I think most of the small LDAP deployments will use these
values.

2) I am also not sure if somebody would want to pass empty user and
group container. Users and groups won't be shared in the same container
and since we search with _ldap.SCOPE_ONELEVEL the migration would not
find users or groups in containers nested under the search base anyway.

Martin