On 26.7.2013 11:29, Tomas Babej wrote:
After some investigation I decided the correct approach here is to
scream at the debug level only, when referral is being ignored.
We cannot guide ourselves by the ldap.OPT_REFFERALS option of the underlying
connection simply because even if referral chasing is turned on (and therefore
we should not get any referrals from python-ldap, since they should have been
resolved), queries for AD can return referrals (AD returns them often as a way
to
provide additional information AFAIU). This can also happen if we are not able
to authenticate to the referred server, or resolve the LDAP uri.
In case ignoring referrals ever breaks something, we can find the information
in the log at the debug level. Doing otherwise would be unnecessarily spamming
the log now.
Updated patch attached.
Nitpick: I would prefer a shorter message without unnecessary
implementation details - something like "Ignoring referral entry {ref}".
Also use str(original_attrs) as ref.
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
