[Freeipa-devel] Use ldap2 instead of legacy LDAP code from v1 in installer scripts.
Rob Crittenden
rcritten at redhat.com
Tue Mar 16 20:04:22 UTC 2010
Pavel Zuna wrote:
> This is the first in a series of patches that replace all the legacy
> code from v1 related to LDAP. I did some limited testing of the
> installer after this patch and nothing seems to break, but I didn't do
> replicas etc...
>
> Pavel
A couple of comments:
- We return ACIError when a bind fails? Seems like we should throw some
other exception in this case.
- In ipa-fix-CVE-2008-3274 (which as an aside I'm not sure we need to
carry to IPAv2) you may need to change the reference to
ipapython.config.config.default_server[0]. I'm not sure this is going to
do the right thing.
- Is the mod from ipa-fix-CVE-2008-3274 going to do a delete/add or a
replace? I think it needs to be a replace so this attribute may need to
be added to the replace exception list. I think it might be covered
because we are doing just one operation on it.
- In ipa-server-install you added an import for ipalib.util but it
doesn't seem to be used anywhere.
None of these are show stoppers. I'll continue looking at the patch,
this one is going to take a while to test out.
rob