Pavel Zůna wrote:
LDAPSearch base class has now the ability to generate additional
options for objects with member attributes. These options are
used to filter search results - search only for objects without
the specified members.
Any class that extends LDAPSearch can benefit from this functionality.
This patch enables it for the following objects:
group, netgroup, rolegroup, hostgroup, taskgroup
ipa group-find --no-users=admin
Only direct members are taken into account, but if we need indirect
members as well - it's not a problem.
This works as advertised but I wonder what would happen if a huge list
of members was passed in to ignore. Is there a limit on the search
filter size (remember that the member will be translated into a full dn
so will quickly grow in size).
Should we impose a cofigurable limit on the # of members to be excluded?
Is there a max search filter size and should we check that we haven't
exceeded that before doing a search?
Freeipa-devel mailing list