[Freeipa-devel] [PATCH] Add group plugin port to new LDAP backend.
Simo Sorce
ssorce at redhat.com
Fri May 15 14:12:59 UTC 2009
On Fri, 2009-05-15 at 09:40 -0400, Rob Crittenden wrote:
> > In this context, we need only the 'objectClass' attribute that
> > group_show doesn't return normally unless we pass it the '--all'
> option
> > and then we get a lot of attributes we don't need as side effect.
>
> The biggest downside is that you'd get the members which really could
> be
> quite large. I think a better solution is to be able to pass into
> group-show (and really any/all of the plugins) the attributes you
> want
> to see, with a reasonable default and the --all options available too.
This actually crucial, we have requests to store the user picture in a
user attribute. The picture can even be megabytes, you really do *not*
want to downloads megabytes per entry unless you really really want the
picture.
It is bad practice in LDAP queries not to request the specific
attributes you are interested in.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list