[Freeipa-devel] [PATCH 0143-0144] different errors/warnings for different LDAP limit type exceeded
Martin Babinsky
mbabinsk at redhat.com
Tue Mar 22 15:11:06 UTC 2016
On 03/21/2016 12:25 PM, Jan Cholasta wrote:
> On 21.3.2016 10:17, Petr Spacek wrote:
>> On 18.3.2016 13:49, Rob Crittenden wrote:
>>> Martin Babinsky wrote:
>>>> These patches implement behavior agreed upon during discussion of
>>>> https://fedorahosted.org/freeipa/ticket/5677
>>>>
>>>> However I'm not sure if we want to push them into 4-3 branch (the
>>>> ticket
>>>> is triaged into 4.3.2 milestone) since they modify the framework
>>>> behavior quite a bit.
>>>>
>>>> If there is no need to have it there (CC'ing Milan since he is the
>>>> reporter), I would retriage it into 4.4 milestone.
>>>
>>>
>>> + desc="while getting entries (search base: '{}',"
>>> + "filter: {})".format(base_dn, filter))
>>>
>>> This is going to expose parts of the DIT in an error message to
>>> users. We have
>>> tried in the past to hide the implementation. I'd propose logging the
>>> error
>>> and making the exception less verbose.
>
> I agree with Rob here, we shouldn't expose internal stuff in error
> messages for users.
>
> In this particular case, even if we included internal stuff in the error
> message, it should be the error message returned by the server rather
> than this ad-hoc message.
>
>>
>> IMHO it actually helps to print the DN. At very least the user can see
>> if the
>> error is happening always with the same DN or if it keeps changing.
>>
>> In other words, for user it is not that important to understand
>> meaning of the
>> DN but it might be important to see if it is the same or not.
>
> I can't imagine a situation where it would actually be useful for the
> user (as opposed to the admin, who has access to logs) to know the base
> DN of some arbitrary LDAP search operation. Could you give an example?
>
Right, attaching updated patches.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0143.1-differentiate-between-limit-types-when-LDAP-search-e.patch
Type: text/x-patch
Size: 12808 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160322/2c88f866/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0144.1-specify-type-of-exceeded-limit-when-warning-about-tr.patch
Type: text/x-patch
Size: 4901 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160322/2c88f866/attachment-0001.bin>
More information about the Freeipa-devel
mailing list