[Freeipa-devel] [PATCH 72] Validate DN & RDN parameters for migrate command
Martin Kosek
mkosek at redhat.com
Fri Apr 6 08:40:42 UTC 2012
On Thu, 2012-04-05 at 21:26 -0400, John Dennis wrote:
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
1) We still crash when the parameter is empty. We may want to make it
required (the same fix Rob did for cert rejection reason):
# echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com
--with-compat --base-dn="dc=greyoak,dc=com" --user-container=
ipa: ERROR: cannot connect to
u'http://vm-022.idm.lab.bos.redhat.com/ipa/xml': Internal Server Error
2) Do you think it would make sense to create a special Param for DN?
Its quite general type and I bet there are other Params that could use
DN instead of Str. It could look like that:
DN('binddn?',
cli_name='bind_dn',
label=_('Bind DN'),
default=u'cn=directory manager',
autofill=True,
),
DN('usercontainer?',
rdn=True, <<<< can be RDN, not DN
cli_name='user_container',
label=_('User container'),
doc=_('RDN of container for users in DS relative to base
DN'),
default=u'ou=people',
autofill=True,
),
Then, we wouldn't need to import special validators from ipalib.util
whenever DN parameter is used.
3) We should not restrict users from passing a user/group container with
more than one RDN:
# echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com
--with-compat --base-dn="dc=greyoak,dc=com" --user-container
ou=Admins,ou=People
ipa: ERROR: invalid 'user_container': multiple RDN's specified by
"ou=Admins,ou=People"
Martin
More information about the Freeipa-devel
mailing list