[Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry

Alexander Bokovoy abokovoy at redhat.com
Thu Jul 25 07:03:55 UTC 2013


On Thu, 25 Jul 2013, Petr Spacek wrote:
>On 24.7.2013 22:18, Tomas Babej wrote:
>>Hi,
>>
>>When converting the result obtained by python-ldap library,
>>we need to skip unresolved referral entries, since they cannot
>>be converted.
>>
>>https://fedorahosted.org/freeipa/ticket/3814
>
>I'm not sure if a simple 'skip it' approach is the right one. 
>Shouldn't it print/log a warning at least? Do you know all 
>implications? Are you sure that this will not break something else 
>silently?
>
>(BTW isn't the right approach to fix python-ldap? Or is it a quirk in AD?)
An AD DC often answers with a proper result and then several referrals to
other internal resources to complement the search if you are asking for a
wide-open search (default). We are not interested in these referrals for
various reasons, including the fact that we are looking at the
authoritative DC and it has all the needed info.

At best, we could define an option that forces us to do referral chasing
to fetch the remaining results, but this is not something really needed
right now.
-- 
/ Alexander Bokovoy
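
The skip discussed in this thread, as an added example that is not part of the original message or of the FreeIPA patch: it separates real entries from referrals in a python-ldap style result list and logs each skipped referral so the skip is not silent. It assumes python-ldap's result shape, where a referral arrives as `(None, [url, ...])`; `split_referrals` and the sample data are hypothetical names and constructed values.

```python
import logging

logger = logging.getLogger("ldap_referrals")


def split_referrals(raw_results):
    """Separate real entries from search-result references.

    Assumed shape (python-ldap): real entries are (dn, attrs_dict),
    referrals are (None, [referral_url, ...]).
    """
    entries, referrals = [], []
    for item in raw_results:
        if not isinstance(item, tuple) or len(item) < 2:
            raise ValueError("unexpected LDAP result item: %r" % (item,))
        dn, payload = item[0], item[1]
        if dn is None:
            # Referral: payload is a list of LDAP URLs, not an attribute dict,
            # so it cannot be converted to an entry. Record it and move on.
            urls = [u.decode("utf-8", "replace") if isinstance(u, bytes) else u
                    for u in payload]
            logger.debug("skipping referral(s): %s", ", ".join(urls))
            referrals.extend(urls)
            continue
        if not isinstance(payload, dict):
            # Fail loudly on anything else rather than dropping it silently.
            raise ValueError("entry %r has non-dict attributes" % (dn,))
        entries.append((dn, payload))
    return entries, referrals


# Constructed sample shaped like an AD DC answer to a wide-open search.
SAMPLE = [
    ("CN=Users,DC=ad,DC=example", {"cn": [b"Users"]}),
    (None, ["ldap://ForestDnsZones.ad.example/DC=ForestDnsZones,DC=ad,DC=example"]),
    (None, [b"ldap://DomainDnsZones.ad.example/DC=DomainDnsZones,DC=ad,DC=example"]),
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    found, skipped = split_referrals(SAMPLE)
    print(len(found), "entries;", len(skipped), "referrals skipped")
```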



