On Thu, 2012-04-05 at 21:26 -0400, John Dennis wrote: > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel
1) We still crash when the parameter is empty. We may want to make it required (the same fix Rob did for cert rejection reason): # echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com --with-compat --base-dn="dc=greyoak,dc=com" --user-container= ipa: ERROR: cannot connect to u'http://vm-022.idm.lab.bos.redhat.com/ipa/xml': Internal Server Error 2) Do you think it would make sense to create a special Param for DN? Its quite general type and I bet there are other Params that could use DN instead of Str. It could look like that: DN('binddn?', cli_name='bind_dn', label=_('Bind DN'), default=u'cn=directory manager', autofill=True, ), DN('usercontainer?', rdn=True, <<<< can be RDN, not DN cli_name='user_container', label=_('User container'), doc=_('RDN of container for users in DS relative to base DN'), default=u'ou=people', autofill=True, ), Then, we wouldn't need to import special validators from ipalib.util whenever DN parameter is used. 3) We should not restrict users from passing a user/group container with more than one RDN: # echo "secret123" | ipa migrate-ds ldap://vm-054.idm.lab.bos.redhat.com --with-compat --base-dn="dc=greyoak,dc=com" --user-container ou=Admins,ou=People ipa: ERROR: invalid 'user_container': multiple RDN's specified by "ou=Admins,ou=People" Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel