[Freeipa-devel] [PATCH] 0100 Enumerate UPN suffixes in ipasam
Sumit Bose
sbose at redhat.com
Wed Mar 27 11:46:13 UTC 2013
On Wed, Mar 27, 2013 at 12:53:18PM +0200, Alexander Bokovoy wrote:
> Hi,
>
> On Wed, 27 Mar 2013, Sumit Bose wrote:
> >>Additionally, you can request Windows to update list of name suffixes
> >>via UI. Here is how it looks in Windows 2012 Server:
> >>http://abbra.fedorapeople.org/.paste/win2012-multiple-suffixes.png
> >>
> >>Part of ticket https://fedorahosted.org/freeipa/ticket/2848
> >
> >I've tested the attached patch with the samba packages mentioned above
> >and everything works as expect.
> >
> >As can be seen in the figure Alexander linked above the new suffixes are
> >disabled by default on the Windows side. This is expected and exactly
> >the same behaviour can be found in AD-AD trusts. Nevertheless it would
> >be good if you can make sure this behaviour is explicitly mentioned e.g.
> >in the design page or other documents to avoid confusion when this
> >feature is tested by others.
> I'll add that, thanks for reminding.
>
> >
> >Review comments are in-line.
> >
> >bye,
> >>+
> >>+ /* Since associatedDomain has attributeType MUST, there must be at least one domain */
> >>+ for (i = 0; i < count ; i++) {
> >>+ if (strcmp(ldap_state->domain_name, domains[i]) == 0) {
> >>+ break;
> >>+ }
> >>+ }
> >
> >Since we area handling DNS domain names here strcasecmp() would be more
> >fault tolerant? OTOH I think mixed cases here can only happen if some
> >modifies IPA LDAP object manually.
> Technically it should be something that does utf-8 caseless lookups. We
> can go with strcasecmp as it is for time being, I'll add TODO there for
> future IDN handling.
yes, good idea
>
>
> New patch attached. Survives Windows 2012 testing.
Survives my testing with 2008 as well. ACK.
bye,
Sumit
>
>
>
> --
> / Alexander Bokovoy
More information about the Freeipa-devel
mailing list