On 07/26/2013 12:23 PM, Tomas Babej wrote:
> On Friday 26 of July 2013 12:16:42 Jan Cholasta wrote:
>> On 26.7.2013 11:29, Tomas Babej wrote:
>>> After some investigation I decided the correct approach here is to
>>> scream at the debug level only, when referral is being ignored.
>>>
>>> We cannot guide ourselves by the ldap.OPT_REFFERALS option of the underlying
>>> connection simply because even if referral chasing is turned on (and
>>> therefore
>>> we should not get any referrals from python-ldap, since they should have
>>> been
>>> resolved), queries for AD can return referrals (AD returns them often as a
>>> way to
>>> provide additional information AFAIU). This can also happen if we are not
>>> able
>>> to authenticate to the referred server, or resolve the LDAP uri.
>>>
>>> In case ignoring referrals ever breaks something, we can find the
>>> information
>>> in the log at the debug level. Doing otherwise would be unnecessarily
>>> spamming
>>> the log now.
>>>
>>> Updated patch attached.
>>
>> Nitpick: I would prefer a shorter message without unnecessary
>> implementation details - something like "Ignoring referral entry {ref}".
>> Also use str(original_attrs) as ref.
>>
>> Honza
>>
>> --
>> Jan Cholasta
>
> Agreed, fixed.
>
> Tomas
>
Looks OK. Another nitpick: why do you use formatting with .format()? It makes
the formatting inconsistent with rest of the code base.
I would prefer:
+ log_msg = 'Referral entry ignored: %s' % str(original_attrs)
Martin
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
