Pavel Zuna wrote:
This is the first in a series of patches that replace all the legacy code from v1 related to LDAP. I did some limited testing of the installer after this patch and nothing seems to break, but I didn't do replicas etc...


A couple of comments:

- We return ACIError when a bind fails? Seems like we should throw some other exception in this case.

- In ipa-fix-CVE-2008-3274 (which as an aside I'm not sure we need to carry to IPAv2) you may need to change the reference to ipapython.config.config.default_server[0]. I'm not sure this is going to do the right thing.

- Is the mod from ipa-fix-CVE-2008-3274 going to do a delete/add or a replace? I think it needs to be a replace so this attribute may need to be added to the replace exception list. I think it might be covered because we are doing just one operation on it.

- In ipa-server-install you added an import for ipalib.util but it doesn't seem to be used anywhere.

None of these are show stoppers. I'll continue looking at the patch; this one is going to take a while to test out.


