On 6.8.2015 21:43, Gabe Alford wrote:
Hello,

Updated patch attached.

- Time limit is -1 for unlimited. I found this
https://www.redhat.com/archives/freeipa-devel/2011-January/msg00330.html
in reference to keeping the time limit as -1 for unlimited.

This patch does two conflicting things: it coerces time limit of 0 to -1 and at the same time prohibits the user to use 0 for time limit. We should do just one of these and IMHO it should be the coercion of 0 to -1.

Sure enough, testing time limit at 0 did not work for unlimited as well
as appeared to have negative effects on IPA.

This is because the time limit read from ipa config is not converted to int in ldap2.find_entries(), so the coercion does not work. Fix this and 0 will work just fine.

Also, I believe that
http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.search_ext_s
specifies unlimited for time limit as -1. (Please correct me if I am wrong.)

python-ldap is layers below our API and should not determine what we use for unlimited time limit. I would prefer if we were self-consistent and use 0 for both time limit and size limit.


- Size limit is 0 for unlimited per Jan's comment including a conversion
from -1 to 0 if -1 is entered for unlimited size limit.

           Actually, 0 means unlimited for size limit, see
           
<http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.search_ext_s>

Thanks,

Gabe

On Tue, Aug 4, 2015 at 3:28 AM, Jan Cholasta <jchol...@redhat.com
<mailto:jchol...@redhat.com>> wrote:

    Dne 31.7.2015 v 17:08 Gabe Alford napsal(a):

        Updated patch attached.

        Thanks,

        Gabe

        On Thu, Jul 30, 2015 at 7:15 AM, Gabe Alford
        <redhatri...@gmail.com <mailto:redhatri...@gmail.com>
        <mailto:redhatri...@gmail.com <mailto:redhatri...@gmail.com>>>
        wrote:

             On Thu, Jul 30, 2015 at 1:32 AM, Jan Cholasta
        <jchol...@redhat.com <mailto:jchol...@redhat.com>
             <mailto:jchol...@redhat.com <mailto:jchol...@redhat.com>>>
        wrote:

                 Dne 30.7.2015 v 09:23 Jan Cholasta napsal(a):

                     Hi,

                     Dne 29.7.2015 v 17:23 Gabe Alford napsal(a):

                         Hello,

                         Fix for
        https://fedorahosted.org/freeipa/ticket/4023


                     Actually, 0 means unlimited for size limit, see

        
<http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.search_ext_s>.


                 After reading the ticket I think this should be fixed
        the other
                 way around: make 0 mean unlimited for both time and
        size limit
                 and fix the config plugin and LDAPClient to respect that.


             Thanks for the review. Updated patch attached.


    We still need to accept -1 in config-mod for backward compatibility
    - when received, it should be converted to 0.

    --
    Jan Cholasta




--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to