Cloned Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=766097
ipalib/dn.py was recently introduced to improve handing of LDAP DN's by introducing the DN, RDN & AVA object classes. The majority of the code still utilizes simple string handling to define and manipulate dn's. There are known problems with using simple string handling with dn's the new classes are meant to correct. We need to go through the code and start to use the new classes.
An excellent starting point would be to redefine the LDAP containers defined in constants.py and basedn to be DN objects instead of strings.
Then the entire tree should be searched for each reference to the modified constant and verify the dn's are being used properly. This will likely mean assuring DN object operators are being utilized instead of raw string handling.
FYI: ticket #1112 already introduced DN object usage in certain select locations in the code to allow privileges to have a comma in the privilege name. The patches for that fix did not include all the other dn references because that would have been too many unrelated changes for one ticket. That's why this ticket was opened.
This is a rather broad topic. We should try to somehow split this into more digestible bites.
Some existing uses of the DN class were cleaned up in 442973e
Pushing to 2.1.1 for now.
Moving the ticket to the next month iteration.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=766097
Moving to next month iteration.
Moving into beta 2 directly.
commit 94d457e
Metadata Update from @jdennis: - Issue assigned to jdennis - Issue set to the milestone: FreeIPA 3.0 Beta 2
Login to comment on this ticket.