[Freeipa-devel] DN patch and documentation

Rob Crittenden rcritten at redhat.com
Thu Aug 9 18:08:51 UTC 2012 

Martin Kosek wrote:
> On 08/08/2012 11:02 PM, John Dennis wrote:
>> All the issues Martin discovered (except for the ip-address parameter) are now
>> fixed and pushed to the dn repo. Also now the dn repo is fully rebased against
>> master (except for one commit for ticket 2954 which I had to revert, see ticket
>> for details).
>>
>> Thank you for the continued testing.
>>
>> FYI: to use the dn repo:
>>
>> git clone git://fedorapeople.org/~jdennis/freeipa.dn.git
>> git checkout dn
>>
>
> Good. I see that all issues except the ipa-replica-prepare are now fixed. I
> verified that this is indeed an issue caused by the DN refactoring, I am
> attaching a patch fixing the issue. With this patch, ipa-replica-prepare issue
> disappears.
>
> Petr Vobornik also noticed an issue with trust-show command. I am attaching a
> patch with fix as well. We push the patches when we are pushing your work.
>
> I have not found any more show-stopping issues, so I will just continue my
> testing, and also give space to other testers in case they discover something else.
>
> Martin

I've been going through the diffs and have some questions in ldap2.py, 
these are primarily pedantic:

What is the significance of L here:

'2.16.840.1.113730.3.8.L.8'      : DN,  # ipaTemplateRef

There are quite a few assert isinstance(dn, DN). I assume this is mainly 
meant for developers, we aren't expecting to handle that gracefully at 
runtime?

It seems to me that allowing a DN passed in as a string would be nice in 
some cases. Calling bind, for example, looks very awkward and isn't as 
readable as cn=directory manager, IMHO. What is the downside of having a 
converter for these?

search_ext() has an extra embedded line which makes the function a bit 
confusing to read.

Do we need to keep _debug_log_ldap?

In search_ext_s() (and a few others) should we just return 
self.convert_result() directly?

In ldap2::__init__ what would raise an AttributeError and would we want 
to hide that fact with an empty base_dn? Is this attempting to allow the 
use of ldap2.ldap2 in cases where the api is not initialized?

In ipaserver/ipaldap.py there is a continuance of the assertions, some 
of which don't seem to be needed. For example, in toDict() it shouldn't 
be possible to create an Entry object without having self.dn be a DN 
object, so is this assertion necessary?

rob

More information about the Freeipa-devel mailing list