On 06/19/2014 01:39 PM, Petr Viktorin wrote:
> See commit message.
> 
> This was found in the review of host write permissions (my patches 0578-0579).

Wouldn't it be better to filter based on objectclass? I.e.:

(targetfilter="(!(objectclass=ipaConfigObject))")

instead of a DN-based target filter? It seems to me that it is more resilient to
changes in LDAP structure, in case we change the RDN or add one more level like
(just an example):

cn=DNSSEC,cn=DNS,cn=ipa.master.test,...

Martin
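
The comparison raised in this reply, as an added example that is not part of the original message or of FreeIPA's code: a simplified model (not 389 DS ACI evaluation) of a DN-position rule next to the proposed objectclass filter, run against a layout with and without the extra `cn=DNSSEC` level. The suffix, the sample entries, their object classes and the DN-based rule itself are assumptions made for illustration.

```python
# Simplified model for illustration only; it does not reproduce 389 DS ACI matching.
SUFFIX = "dc=example,dc=test"  # constructed placeholder for the part of the DN the message elides
MASTER = "cn=ipa.master.test," + SUFFIX


def parent_dn(dn):
    """Naive parent lookup; assumes RDN values contain no escaped commas."""
    return dn.split(",", 1)[1] if "," in dn else ""


def dn_rule_applies(entry):
    """Hypothetical DN-based rule: skip entries sitting directly below the master entry."""
    return parent_dn(entry["dn"]).lower() != MASTER.lower()


def filter_rule_applies(entry):
    """Model of (!(objectclass=ipaConfigObject)); class names compare case-insensitively."""
    classes = {oc.lower() for oc in entry["objectclass"]}
    return "ipaconfigobject" not in classes


# Constructed sample entries (object classes other than ipaConfigObject are assumptions).
CURRENT_LAYOUT = [
    {"dn": MASTER, "objectclass": ["top", "nsContainer"]},
    {"dn": "cn=DNS," + MASTER,
     "objectclass": ["top", "nsContainer", "ipaConfigObject"]},
]

# Same tree after adding one more level, as in the example DN from the message.
RESTRUCTURED = CURRENT_LAYOUT + [
    {"dn": "cn=DNSSEC,cn=DNS," + MASTER,
     "objectclass": ["top", "nsContainer", "ipaConfigObject"]},
]


def covered(entries, rule):
    """Return the DNs that the rule would let the ACI apply to."""
    return [e["dn"] for e in entries if rule(e)]


if __name__ == "__main__":
    for name, layout in (("current", CURRENT_LAYOUT), ("restructured", RESTRUCTURED)):
        print(name, "DN rule:    ", covered(layout, dn_rule_applies))
        print(name, "filter rule:", covered(layout, filter_rule_applies))
```

In the restructured layout the DN rule starts covering the nested config entry, while the objectclass filter gives the same result in both layouts.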
