[Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin
Martin Basti
mbasti at redhat.com
Mon Jun 2 15:29:22 UTC 2014
On Mon, 2014-06-02 at 17:09 +0200, Martin Basti wrote:
> On Mon, 2014-06-02 at 16:21 +0200, Jan Cholasta wrote:
> > On 2.6.2014 13:50, Martin Basti wrote:
> > > Rebased patches attached
> > >
> >
> > I got this test failure:
> >
> > ======================================================================
> > ERROR: test suite for <class
> > 'ipatests.test_xmlrpc.test_dns_plugin.test_dns'>
> > ----------------------------------------------------------------------
> > Traceback (most recent call last):
> > File "/usr/lib/python2.7/site-packages/nose/suite.py", line 208, in run
> > self.setUp()
> > File "/usr/lib/python2.7/site-packages/nose/suite.py", line 291, in setUp
> > self.setupContext(ancestor)
> > File "/usr/lib/python2.7/site-packages/nose/suite.py", line 314, in
> > setupContext
> > try_run(context, names)
> > File "/usr/lib/python2.7/site-packages/nose/util.py", line 469, in
> > try_run
> > return func()
> > File
> > "/usr/lib/python2.7/site-packages/ipatests/test_xmlrpc/test_dns_plugin.py",
> > line 214, in setUpClass
> > force = True,
> > File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 436,
> > in __call__
> > ret = self.run(*args, **options)
> > File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 758,
> > in run
> > return self.forward(*args, **options)
> > File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 779,
> > in forward
> > return self.Backend.rpcclient.forward(self.name, *args, **kw)
> > File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 876, in
> > forward
> > return self._call_command(command, params)
> > File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 853, in
> > _call_command
> > return command(*params)
> > File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 993, in _call
> > return self.__request(name, args)
> > File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 987, in
> > __request
> > raise error_class(message=error['message'])
> > DNSDataMismatch: DNS check failed: Expected {_kerberos.dnszone.test.
> > 86400 IN TXT "IDM.LAB.BOS.REDHAT.COM"} got {None}
> This is caused by wait_for_dns option. Try to set larger time limit, at
> least 10sec.
>
> >
> > Patch 31:
> >
> > + #compare if IDN normalized and original domain match
> > + #there is N:1 mapping between unicode and IDNA names
> > + #user should use normalized names to avoid mistakes
> > + normalized_domain_name = encodings.idna.nameprep(value)
> > + if value != normalized_domain_name:
> > + error = _("domain name '%(domain)s' and normalized
> > domain name"
> > + " '%(normalized)s' do not match. Please use only"
> > + " normalized domains") % {'domain': value,
> > + 'normalized': normalized_domain_name}
> >
> > I thought we decided to drop this check, because of IDNA 2008?
> We decided not to change IDNA2003 to 2008, because registrators are more
> strictly than both of the RFC standards, and this is part of 2003 which
> makes it safer, and in some way more compatible with 2008 (like only
> small caps, etc)
>
> But German registrator allows only IDNA2008, Switzerland allows only
> IDNA2003, so we have problem with 'ß' character, because it is encoded
> differently.
>
> For the IDNA2008, we need extra library out of standard python libs.
>
> So we should support both, or use pure punycode algorithm to
> encode/decode, because it has no limitation instead of IDNA standard.
> I propose to file a new ticket.
>
And also AD support IDNA2003. So we are compatible.
> >
> > Patch 38:
> >
> > It seems you left out the normalize_zonemgr and normalize_zone
> > modifications I have suggested. Is there a reason for this?
> >
> I left there original code, which works with strings.
>
> I dont use normalize_zone in DNS plugin anymore. So it would be better
> to work only with string, no conversion string to object and back to
> string.
>
> Should I modify normalize_zonemgr then? Old version works good, and code
> will be little longer than your example.
>
--
Martin^2 Basti
More information about the Freeipa-devel
mailing list