Pavel Zuna wrote:
This is the first in a series of patches, that replace all the legacy
code from v1 related to LDAP. I did some limited testing of the
installer after this patch and nothing seems to break, but I didn't do
A couple of comments:
- We return ACIError when a bind fails? Seems like we should throw some
other exception in this case.
- In ipa-fix-CVE-2008-3274 (which as an aside I'm not sure we need to
carry to IPAv2) you may need to change the reference to
ipapython.config.config.default_server. I'm not sure this is going to
do the right thin.
- Is the mod from ipa-fix-CVE-2008-3274 going to do a delete/add or a
replace? I think it needs to be a replace so this attribute may need to
be added to the replace exception list. I think it might be covered
because we are doing just one operation on it.
- In ipa-server-install you added an import for ipalib.util but it
doesn't seem to be used anywhere.
None of these are show stoppers. I'll continue looking at the patch,
this one is going to take a while to test out.
Freeipa-devel mailing list