[Freeipa-devel] [PATCH] 0109-0110 Support querying AD DC when establishing trust as HTTP/ipa.server principal
Simo Sorce
simo at redhat.com
Tue Jul 23 12:15:50 UTC 2013
On Thu, 2013-07-18 at 18:37 +0300, Alexander Bokovoy wrote:
> Hi!
>
> Attached patches make it possible to use HTTP/ipa.server@REALM to query AD
> DC over LDAP immediately after trust is established. We need this to get
> range discovery working prior to creating range for trusted domain.
>
> The patch 0109 makes KDC hostname cached on ipadb context to avoid
> resolving own hostname multiple times.
>
> The patch 0110 depends on ulc_casemap patches by Nathaniel and makes
> exception for HTTP/ipa.server@REALM when TGT is requested and MS-PAC is
> asked for -- we force refreshing list of trusted domains here.
>
> More details are available in the commit logs.

I do not think that changing reinit interval is the right thing to do.

I would rather pass a boolean that tells reinit to check if we have any
trust info, and if not unconditionally try to reinit immediately.

I see that you treat the interval sort of like a boolean but then you
just race hoping the previous reload w/o trust info happened more than 1
second earlier.

I think an explicit "bool force_reload" flag would be much clearer.

Otherwise ack.

Simo.

--
Simo Sorce * Red Hat, Inc * New York