[Freeipa-devel] containers
John Dennis
jdennis at redhat.com
Fri Nov 16 15:55:38 UTC 2007
From reading the code in funcs.py I think we might have
collision/ambiguity problem. The code seems a bit schizophrenic about
specifying the container in which to search. In many instances a search
will just start at the suffix and makes the assumption the attribute it
is searching for is unique, that is probably not a good assumption if
you have more than one container in the tree.
The add_{user,group}() methods take an optional container parameter but
the __is_{user,group}_unique() methods ignore it and just search from
the root. The same holds true for the get_XXX_by_XXX() methods.
If there is more than one container in the tree we'll end up with
inconsistent results. Will we ever have more than one container for
things? Yes. For instance radius wants to have containers under
services. I'm afraid some of the root based searches could end up
finding things there instead. Whether or not this is true for specific
pieces of radius data (I have not verified this due to bad searches) it
just seems like a lurking problem and potential source of bugs,
especially as more and more data gets added to the tree and hung off of
different container nodes.
Shouldn't the functions performing searches always specify the container
they are searching under?
--
John Dennis <jdennis at redhat.com>
More information about the Freeipa-devel
mailing list