[Freeipa-devel] [freeipa PR#359][comment] dogtag: search past the first 100 certificates

stlaz freeipa-github-notification at redhat.com
Wed Jan 4 09:27:29 UTC 2017


  URL: https://github.com/freeipa/freeipa/pull/359
Title: #359: dogtag: search past the first 100 certificates

stlaz commented:
"""
@frasertweedale if `_ldap_search` is performed with correct filters, `sizelimit=0` is not the correct solution at least for CLI which should either follow the `sizelimit` argument if set or the records size limit in ipa config. It is only correct for WebUI which I believe should be setting `sizelimit=0` and if it's not, I'd be looking for the bug there.

I tried to briefly go through the cert plugin code but it's a bit messy so my only hope is that the correct filter is indeed used there. On the way through it, though, I found something that seems like another size limit bug: https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/cert.py#L1306 -> which will not set our "unlimited" if `sizelimit` is set to 0. Also from there, if `sizelimit` is not set, we should go with ipa config sizelimit rather than having the magic do its trick somewhere else, right? Then the proposed value in options.get() could go away (be set in the cert.py module instead).

"""

See the full comment at https://github.com/freeipa/freeipa/pull/359#issuecomment-270328738

