[Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting.

[Pavel Zuna]

On 04/16/2010 10:25 PM, Rob Crittenden wrote:
> Pavel Zůna wrote:
>> On 4/16/2010 5:09 PM, Rob Crittenden wrote:
>>> Pavel Zuna wrote:
>>>> This patch effectively removes all LDAPv2 style quoted DNs and makes
>>>> sure we don't use them anymore.
>>>>
>>>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I
>>>> kept the option to disable DN normalization for now.
>>>>
>>>> I also had to add a new dollar variable for LDIF files:
>>>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of
>>>> another entry in their own, like the account activated/inactivated CoS
>>>> entries.
>>>>
>>>> what I tested:
>>>> - playing around with password policies and CoS entries using both
>>>> pwpolicy and pwpolicy2
>>>> - changing user passwords to see if the policies apply
>>>> - re-installing IPA to see if the activated/inactived CoS entries
>>>> where OK
>>>> - user-lock/user-unlock
>>>>
>>>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on
>>>> it, but won't apply without. I didn't realize before committing and
>>>> couldn't get it back by re-basing, so...
>>>>
>>>> Pavel
>>>
>>> This fails to apply because the pwpolicy2 plugin hasn't been committed
>>> yet. You had suggested that this patch shouldn't be applied yet. Should
>>> I remove the pwpolicy2 part of this patch and push, rebase it, or what?
>>>
>>> rob
>> I rebased the patch - attached. It no longer depends on pwpolicy2. I'm
>> going to release an updated pwpolicy2 patch with quoting gone along
>> with this one.
>>
>> Pavel
>
> I made a couple of changes to the patch:
> - added ESCAPED_SUFFIX to the dsinstance sub_dict so installations work
> - added back some extra lines to pwpolicy_del() that actually deleted
> the entries
Oups, probably deleted those by mistake. Anyway, nice catch.

Just tested it - ACK.

> rob

Pavel