[Freeipa-devel] [PATCH 133] ipa-range-check: do not treat missing objects as error
thierry bordaz
tbordaz at redhat.com
Wed Feb 25 15:16:41 UTC 2015
On 02/25/2015 02:43 PM, Martin Kosek wrote:
> On 02/24/2015 06:47 PM, Sumit Bose wrote:
>> Hi,
>>
>> this patch changes a return code and should fix
>> https://fedorahosted.org/freeipa/ticket/4924 .
>>
>> bye,
>> Sumit
> I have a related question. Do I read the plugin right, that whenever any object
> is changed, this plugins loads the whole entry and tests some of it's attribute
> to see if it is ID views and then does the actual check.
>
> Is this good approach performance wise? Wouldn't it be better to decide even
> before that, based on DN and whether it is in the ID View Sub-Tree? CCing Thierry.
>
> Martin
Hello,
My understanding of this preop plugins is that it checks the defined
range (RangeID, RangeSize, RangeRid...) of a new/modified
'ipaBaseID' entry.
It checks the range by comparing the new range against all ranges
defined in objectclass=ipaIDRange entries.
As far as I understand that plugin, I tend to agree with your point
Martin.
The DN of the new entry/modified entry is not taken into
consideration. Only the fact that it contains ipaBaseID attribute.
If we know that we can ignore ADD/MOD under ID View Sub-tree, then
it could be tested early in the plugin and would accelerate the plugin.
That would require a plugin config attibute to specify which
subtrees should be ignore.
thanks
thierry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150225/78019b03/attachment.htm>
More information about the Freeipa-devel
mailing list