[Freeipa-devel] [PATCHES] 0191-0195 Use ipaldap in the client installer & password migration
Jan Cholasta
jcholast at redhat.com
Thu Mar 7 16:42:22 UTC 2013
On 6.3.2013 16:29, Petr Viktorin wrote:
> Hello,
> These patches move ipaldap to ipapython, and make the client installer
> use it. Also password migration web-app is made to use ipaldap; they
> both called a shared a utility function that is converted to use ipaldap.
>
> This should fix https://fedorahosted.org/freeipa/ticket/3446
> (freeipa-client-install KeyError in 'namingcontexts') and similar errors.
>
> https://fedorahosted.org/freeipa/ticket/3487
>
Patch 191:
The patch is missing the ipapython/ipaldap.py file.
I think it should go into ipalib instead of ipapython. <rant> It doesn't
make sense to keep ipapython and ipalib separate if they depend on each
other. We should either merge them or clean up the mess by removing
ipalib imports from ipapython. I'm not saying we should do it now, just
please don't add new modules to ipapython which import from ipalib. </rant>
Also I am not very fond of the "ipa" prefix in "ipaldap". The module
lives in the namespace of our own package, so there's no need for it to
have such a prefix, is there?
Patch 193:
+ scope=conn.SCOPE_BASE,
+ filter='objectclass=pkiCA',
+ attrs_list=[ca_cert_attr],
Can we use a proper filter here please?
+ :param conn: Bound LDAPConnection that will be used for searching
LDAPClient
Patch 194:
- ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True)
and
- lh.set_option(ldap.OPT_X_TLS_DEMAND, True)
Is removing these options safe?
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list