Petr Viktorin wrote:
> On 06/19/2014 02:19 PM, Martin Kosek wrote:
>> On 06/19/2014 01:39 PM, Petr Viktorin wrote:
>>> See commit message.
>>> This was found in the review of host write permissions (my patches
>> Wouldn't it be better to filter based on objectclass? I.e.:
>> instead of DN based target filter? It seems to me that it is more
>> resilient to
>> changes in LDAP structure, in case we change RDN or make one more
>> level like
>> (just example):
> Sure, fixed patch attached.
Are you sure you need read access and not just search/compare? The
purpose is to see "is that thing there" and not "what is in that thing"
right? Sure someone could fish for masters if they really wanted to.
Freeipa-devel mailing list