On 03/13/2014 01:01 PM, Alexander Bokovoy wrote: > On Thu, 13 Mar 2014, Martin Kosek wrote: >> On 03/13/2014 12:45 PM, Tomas Babej wrote: >>> Hi, >>> >>> Changes the code in the idrange_del method to not only check for >>> the root domains that match the SID in the IDRange, but for the >>> SIDs of subdomains of trusts as well. >>> >>> https://fedorahosted.org/freeipa/ticket/4247 >> >> This is a very complicated validation procedure IMO. Lot of subcommands, lot >> of >> LDAP searches. >> >> Why can't we do just one LDAP search with >> - base api.env.container_trusts >> - scope SUB >> - filter (&(objectclass=ipaNTTrustedDomain)(ipanttrusteddomainsid=range_sid)) >> >> When errors.NotFound is raised, we are OK. When it is not raised, we have a >> problem. >> >> Wouldn't it be simpler? > > No. Please do not do optimization here. It is a code that is called very > rarely and expressiveness is more important here than optimizing access > to couple of entries in LDAP. >
I am not optimizing - I am actually making the validation much simpler. What is more simple and straightforward? A) One ldap.find_entries call B) A loop, numerous subcommands and LDAP searches Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
