On 6.3.2013 16:29, Petr Viktorin wrote:
Hello,
These patches move ipaldap to ipapython, and make the client installer
use it. Also password migration web-app is made to use ipaldap; they
both called a shared a utility function that is converted to use ipaldap.
This should fix https://fedorahosted.org/freeipa/ticket/3446
(freeipa-client-install KeyError in 'namingcontexts') and similar errors.
https://fedorahosted.org/freeipa/ticket/3487
Patch 191:
The patch is missing the ipapython/ipaldap.py file.
I think it should go into ipalib instead of ipapython. <rant> It doesn't
make sense to keep ipapython and ipalib separate if they depend on each
other. We should either merge them or clean up the mess by removing
ipalib imports from ipapython. I'm not saying we should do it now, just
please don't add new modules to ipapython which import from ipalib. </rant>
Also I am not very fond of the "ipa" prefix in "ipaldap". The module
lives in the namespace of our own package, so there's no need for it to
have such a prefix, is there?
Patch 193:
+ scope=conn.SCOPE_BASE,
+ filter='objectclass=pkiCA',
+ attrs_list=[ca_cert_attr],
Can we use a proper filter here please?
+ :param conn: Bound LDAPConnection that will be used for searching
LDAPClient
Patch 194:
- ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, True)
and
- lh.set_option(ldap.OPT_X_TLS_DEMAND, True)
Is removing these options safe?
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel