[Freeipa-devel] [PATCH 0081] Skip referrals when converting LDAP result to LDAPEntry
Jan Cholasta
jcholast at redhat.com
Fri Jul 26 10:16:42 UTC 2013
On 26.7.2013 11:29, Tomas Babej wrote:
> After some investigation I decided the correct approach here is to
> scream at the debug level only, when referral is being ignored.
>
> We cannot guide ourselves by the ldap.OPT_REFFERALS option of the underlying
> connection simply because even if referral chasing is turned on (and therefore
> we should not get any referrals from python-ldap, since they should have been
> resolved), queries for AD can return referrals (AD returns them often as a way to
> provide additional information AFAIU). This can also happen if we are not able
> to authenticate to the referred server, or resolve the LDAP uri.
>
> In case ignoring referrals ever breaks something, we can find the information
> in the log at the debug level. Doing otherwise would be unnecessarily spamming
> the log now.
>
> Updated patch attached.
Nitpick: I would prefer a shorter message without unnecessary
implementation details - something like "Ignoring referral entry {ref}".
Also use str(original_attrs) as ref.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list