[Freeipa-devel] RFC wrt little snag in LDAPCreate when ipa_uuid manipulates the DN on entry add

Simo Sorce ssorce at redhat.com
Wed Oct 27 21:28:55 UTC 2010


On Wed, 27 Oct 2010 14:52:17 -0600
Rich Megginson <rmeggins at redhat.com> wrote:

> Rob Crittenden wrote:
> > Simo Sorce wrote:
> >> On Wed, 27 Oct 2010 09:35:17 -0400
> >> Adam Young<ayoung at redhat.com>  wrote:
> >>
> >>> I'm not up to speed on this code. Why do a find right  after
> >>> create?
> >>
> >> I guess to pick up all attributes added automatically by DS, not
> >> sure why it just is.
> >>
> >> Simo.
> >>
> >
> > Yes, that's exactly it. We have other autogenerated values (uid,
> > gid) so we fetch the entry to be sure we are representing things as
> > they are.
> One enhancement we have discussed adding to 389 is a control sent
> with update operations - the control response would contain  the
> values of generated attributes, to remove the need to immediately
> perform a search to get attributes such as uniqueid, uid, gid,
> createTimestamp, etc.  Is this something IPA would be interested in?
> There has already been some discussion (a long time ago) on the 389
> lists.  afaik there is no LDAP proposed standard feature for this.

Looks like an interesting thing. It would also help esp. in the case we
change the DN under users noses. But the patch Pavel sent seem to deal
well with the current contingency. Still I would mark it as a nice to
have.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list