[Freeipa-devel] [PATCH 0286] baseldap: Handle missing parent objects properly in *-find

Martin Kosek mkosek at redhat.com
Wed Nov 19 11:24:41 UTC 2014


On 11/19/2014 12:03 PM, Tomas Babej wrote:
> Hi,
> 
> When constructing a parent DN in LDAPSearch, we should always
> check that the parent object exists (hence use get_dn_if_exists),
> rather than search on nonexistent containers (which can happen
> with get_dn).
> 
> Replaces get_dn calls with get_dn_if_exists in *-find commands
> and makes sure proper error message is raised.
> 
> https://fedorahosted.org/freeipa/ticket/4659

Doesn't it produce an extra LDAP search, thus making all our search commands
slower? Is that what we want? Wouldn't it be better to distinguish between LDAP
search with no results and LDAP search with missing parent DN? The reply looks
different, at least in CLI:

# search result
search: 4
result: 0 Success

# search result
search: 4
result: 32 No such object
matchedDN: cn=accounts,dc=mkosek-f20,dc=test

Also, I do not think you can just stop using get_dn(); some commands override
this call to get more complex searches (like host-find searching for shortname).
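
The trade-off raised in the reply above, as an added example that is not part of the original message or of FreeIPA's code: a toy in-memory directory counts search operations for a parent pre-check versus a single search that maps result code 32 to a "parent not found" error. ToyDirectory, NoSuchObject, both find_* helpers and every DN below cn=accounts are hypothetical, constructed for illustration.

```python
# Added illustration: a toy in-memory directory, not FreeIPA or python-ldap code.
# DNs are constructed samples; splitting on "," ignores escaped commas (assumption).

class NoSuchObject(Exception):
    """Stands in for LDAP result code 32 (noSuchObject) with its matchedDN."""
    def __init__(self, matched_dn):
        super().__init__("No such object")
        self.matched_dn = matched_dn

class ToyDirectory:
    def __init__(self, dns):
        self.dns = {dn.lower() for dn in dns}
        self.searches = 0  # number of search operations sent to the "server"

    def search(self, base, needle="", scope="subtree"):
        self.searches += 1
        base = base.lower()
        if base not in self.dns:
            matched = base
            while matched and matched not in self.dns:
                matched = matched.partition(",")[2]  # nearest existing ancestor
            raise NoSuchObject(matched)
        if scope == "base":
            return [base]
        # Toy subtree search: entries below the base whose DN contains the needle.
        return sorted(dn for dn in self.dns
                      if dn.endswith("," + base) and needle in dn)

def find_with_precheck(directory, parent_dn, needle):
    """Existence check on the parent first, then the real search: two operations."""
    directory.search(parent_dn, scope="base")
    return directory.search(parent_dn, needle)

def find_single_search(directory, parent_dn, needle):
    """One operation; result code 32 is mapped to a 'parent not found' error."""
    try:
        return directory.search(parent_dn, needle)
    except NoSuchObject as e:
        raise LookupError("%s: parent not found (matchedDN: %s)"
                          % (parent_dn, e.matched_dn)) from e

SUFFIX = "dc=mkosek-f20,dc=test"  # suffix taken from the output quoted above
SAMPLE_DNS = [SUFFIX, "cn=accounts," + SUFFIX,
              "cn=groups,cn=accounts," + SUFFIX,             # constructed
              "cn=admins,cn=groups,cn=accounts," + SUFFIX]   # constructed
```

An empty list corresponds to "result: 0 Success" with no entries, and the LookupError corresponds to "result: 32 No such object".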
