On 01/14/2014 11:31 AM, Jan Cholasta wrote:
On 10.1.2014 16:02, Petr Viktorin wrote:
On 01/07/2014 01:54 PM, Jan Cholasta wrote:
On 16.12.2013 14:45, Petr Viktorin wrote:
On 12/16/2013 10:22 AM, Jan Cholasta wrote:
On 13.12.2013 15:16, Petr Viktorin wrote:
On 12/10/2013 04:05 PM, Jan Cholasta wrote:
Hi,

I believe the time has come to drop support for the legacy (dn,
entry_attrs) tuple API and move to the new LDAPEntry API
exclusively.
The attached patches convert existing code which uses the old API to
the
new API and remove backward compatibility code from the ipaldap
module.

Note that there are still some functions/methods which accept
separate
dn and entry_attrs arguments, they will be adapted to LDAPEntry
later.

Honza

The first N-1 patches can be tested,acked,pushed independently,
right?

Yes.

If that's the case, ACK for 225

Pushed that one to master, 5 more to go.
bc3f3381c6bf0b4941889b775025a60f56318551


226 needs a rebase.

227: in install/tools/ipa-adtrust-install:

+        entry_attrs = conn.make_entry(
+            dn,
+            objectclass=['top', 'pkiuser', 'nscontainer'],
+            usercertificate=cert)
+        conn.add_entry(entry_attrs)

Shouldn't it be `usercertificate=[cert]` now?  Similarly in ra_cert, and
in ipa-server-install with ipacertificatesubjectbase

Otherwise this looks good.

228: in ipaserver/install/plugins/update_idranges.py, again we should
use lists

Otherwise it looks good

229: ACK


Rebased and fixed everything, updated patches attached.

Here, patch 226 breaks tests for selinuxusermap_enable/disable, at least. The EmptyModlist and AlreadyActive/AlreadyInactive error is no longer raised, since the previous entry state is no longer retrieved.

--
PetrĀ³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to