freeipa

Clone
Source Code
GIT

#4022 When search hits the size limit, it should explicitly say so or message like # hosts matched suggests there are not other
Closed: Fixed None Opened 10 years ago by adelton.

Closed: Fixed
Reopen Issue

There are people who might not even know that the number of listed entries with various *-find subcommands is limited. So if some admin does

# ipa config-mod --searchrecordslimit=1

and then unsuspecting user runs

# ipa host-find --raw --pkey-only
--------------
1 host matched
--------------
  fqdn: ipa.example.com
----------------------------
Number of entries returned 1
----------------------------

they have no idea that hundreds of other hosts are there, just not listed.

When the number of entried output hits the ipasearchrecordslimit limit, all *-find commands should print a note to that effect, alerting the user that there might be more data.

True. Our framework already communicates it via truncated attribute of the result, but you can only see it when using pure API and not the CLI:

# ipa -vv host-find foo
send: "POST /ipa/session/xml HTTP/1.1\r\nHost: vm-119.example.com\r\nAccept-Encoding: gzip\r\nAccept-Language: en-us\r\nReferer: https://vm-119.example.com/ipa/xml\r\nCookie: ipa_session=bfb4f6ad47f30434938ab42d25ec8c8b;\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 647\r\n\r\n<?xml version='1.0' encoding='UTF-8'?>\n<methodCall>\n<methodName>host_find</methodName>\n<params>\n<param>\n<value><array><data>\n<value><string>foo</string></value>\n</data></array></value>\n</param>\n<param>\n<value><struct>\n<member>\n<name>raw</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>all</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>version</name>\n<value><string>2.65</string></value>\n</member>\n<member>\n<name>pkey_only</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>no_members</name>\n<value><boolean>0</boolean></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n"
reply: 'HTTP/1.1 200 Success\r\n'
header: Date: Tue, 12 Nov 2013 09:22:14 GMT
header: Server: Apache/2.4.6 (Fedora) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.2 Basic ECC mod_wsgi/3.4 Python/2.7.5
header: Set-Cookie: ipa_session=bfb4f6ad47f30434938ab42d25ec8c8b; Domain=vm-119.example.com; Path=/ipa; Expires=Tue, 12 Nov 2013 09:42:14 GMT; Secure; HttpOnly
header: Vary: Accept-Encoding
header: Content-Encoding: gzip
header: Content-Length: 379
header: Content-Type: text/xml; charset=utf-8
body: "<?xml version='1.0' encoding='UTF-8'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>count</name>\n<value><int>1</int></value>\n</member>\n<member>\n<name>truncated</name>\n<value><boolean>1</boolean></value>\n</member>\n<member>\n<name>result</name>\n<value><array><data>\n<value><struct>\n<member>\n<name>dn</name>\n<value><string>fqdn=foo.example.com,cn=computers,cn=accounts,dc=example,dc=com</string></value>\n</member>\n<member>\n<name>has_keytab</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>fqdn</name>\n<value><array><data>\n<value><string>foo.example.com</string></value>\n</data></array></value>\n</member>\n<member>\n<name>has_password</name>\n<value><boolean>0</boolean></value>\n</member>\n<member>\n<name>krbprincipalname</name>\n<value><array><data>\n<value><string>host/foo.example.com@EXAMPLE.COM</string></value>\n</data></array></value>\n</member>\n<member>\n<name>managedby_host</name>\n<value><array><data>\n<value><string>foo.example.com</string></value>\n</data><"
body: '/array></value>\n</member>\n</struct></value>\n</data></array></value>\n</member>\n<member>\n<name>summary</name>\n<value><string>1 host matched</string></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n'
--------------
1 host matched
--------------
  Host name: foo.example.com
  Principal name: host/foo.example.com@IDM.LAB.BOS.REDHAT.COM
  Password: False
  Keytab: False
  Managed by: foo.example.com
----------------------------
Number of entries returned 1
----------------------------

Notice this value:

...<name>truncated</name>\n<value><boolean>1</boolean></value>...

Processing leftovers from 4.2 backlog - this ticket was found as suitable for consideration in next big feature release - 4.4.

master:

  • 9a945b2 Warn user when ipa *-find reach limit

Metadata Update from @adelton:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
low
None
None
None
None
defect
None
None
CLI
None
0
None
None
None
None
todo
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.