URL: https://github.com/freeipa/freeipa/pull/359
Title: #359: dogtag: search past the first 100 certificates

stlaz commented:
"""
@frasertweedale if `_ldap_search` is performed with correct filters, 
`sizelimit=0` is not the correct solution at least for CLI which should either 
follow the `sizelimit` argument if set or the records size limit in ipa config. 
It is only correct for WebUI which I believe should be setting `sizelimit=0` 
and if it's not, I'd be looking for the bug there.

I tried to briefly go through the cert plugin code but it's a bit messy so my 
only hope is that the correct filter is indeed used there. On the way through 
it, though, I found something that seems like another size limit bug: 
https://github.com/freeipa/freeipa/blob/master/ipaserver/plugins/cert.py#L1306 
-> which will not set our "unlimited" if `sizelimit` is set to 0. Also from 
there, if `sizelimit` is not set, we should go with ipa config sizelimit rather 
than having the magic do its trick somewhere else, right? Then the proposed 
value in options.get() could go away (be set in the cert.py module instead).

"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/359#issuecomment-270328738
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to