[Freeipa-devel] get_entry_by_dn() in client requires prior search

[John Dennis]

get_entry_by_dn() cannot be called from the client side unless you've 
previously done a search that returns an Entity with the dn in it.

But why have to do a search first if you already know or can compute the 
dn, why not just call get_entry_by_dn()?

The reason you can't call get_entry_by_dn() from a client is you don't 
know the suffix.

How about if IPAServer.get_entry_by_dn() checked for the suffix in the 
dn, if it were missing it would added it for you. Anybody see a problem 
with that?

This would also reduce the need to write a lot of get_entry_by_XXX() 
functions because in many cases the caller of that search knows a prioi 
what the dn would be, just not the suffix.

BTW, we could add an rpc function to return the suffix in order to build 
the dn, but that would introduce an unnecessary round trip and negating 
the advantage.
-- 
John Dennis <jdennis at redhat.com>