[Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer & password migration

Petr Viktorin pviktori at redhat.com
Fri Mar 8 13:14:02 UTC 2013 

On 03/07/2013 05:42 PM, Jan Cholasta wrote:
> On 6.3.2013 16:29, Petr Viktorin wrote:
>> Hello,
>> These patches move ipaldap to ipapython, and make the client installer
>> use it. Also password migration web-app is made to use ipaldap; they
>> both called a shared a utility function that is converted to use ipaldap.
>>
>> This should fix https://fedorahosted.org/freeipa/ticket/3446
>> (freeipa-client-install KeyError in 'namingcontexts') and similar errors.
>>
>> https://fedorahosted.org/freeipa/ticket/3487
>>
>
> Patch 191:
>
> The patch is missing the ipapython/ipaldap.py file.
>
> I think it should go into ipalib instead of ipapython. <rant> It doesn't
> make sense to keep ipapython and ipalib separate if they depend on each
> other. We should either merge them or clean up the mess by removing
> ipalib imports from ipapython. I'm not saying we should do it now, just
> please don't add new modules to ipapython which import from ipalib. </rant>

This is a bigger problem.
Conceptually ipaldap should be in ipapython, it just needs the 
problematic errors and text modules. I think we should move those rather 
than ipaldap.

> Also I am not very fond of the "ipa" prefix in "ipaldap". The module
> lives in the namespace of our own package, so there's no need for it to
> have such a prefix, is there?

It's nice to have a unique name for talking about it.
Since "ldap" is already a package we use, having another "ldap" would be 
confusing, even if it is properly namespaced.

> Patch 193:
>
> +            scope=conn.SCOPE_BASE,
> +            filter='objectclass=pkiCA',
> +            attrs_list=[ca_cert_attr],
>
> Can we use a proper filter here please?
>
> +    :param conn: Bound LDAPConnection that will be used for searching

Fixed, thanks

> LDAPClient
>
> Patch 194:
>
> -                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True)
>
> and
>
> -                lh.set_option(ldap.OPT_X_TLS_DEMAND, True)
>
> Is removing these options safe?

I re-added them.

I also removed the forgotten debugging `raise`s Martin found.

Adding patch 0196, which disables downloading the schema for discovery.

Updated patches attached. They now depend on Honza's patches 116-119

-- 
Petr³

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0191.2-Move-ipaldap-to-ipapython.patch
Type: text/x-patch
Size: 71924 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0192.2-Remove-ipaserver-ipaldap.py.patch
Type: text/x-patch
Size: 12182 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0193.2-Use-IPAdmin-rather-than-raw-python-ldap-in-ipa-clien.patch
Type: text/x-patch
Size: 6690 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0194.2-Use-IPAdmin-rather-than-raw-python-ldap-in-migration.patch
Type: text/x-patch
Size: 18320 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0195.2-Remove-unneeded-python-ldap-imports.patch
Type: text/x-patch
Size: 11302 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0196.2-Don-t-download-the-schema-in-ipadiscovery.patch
Type: text/x-patch
Size: 1257 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130308/cd3e98da/attachment-0005.bin>

More information about the Freeipa-devel mailing list