[Freeipa-devel] [PATCH] 0100 Enumerate UPN suffixes in ipasam

Fri Mar 29 12:48:35 UTC 2013

On 03/27/2013 12:46 PM, Sumit Bose wrote:
> On Wed, Mar 27, 2013 at 12:53:18PM +0200, Alexander Bokovoy wrote:
>> Hi,
>>
>> On Wed, 27 Mar 2013, Sumit Bose wrote:
>>>> Additionally, you can request Windows to update list of name suffixes
>>>> via UI. Here is how it looks in Windows 2012 Server:
>>>> http://abbra.fedorapeople.org/.paste/win2012-multiple-suffixes.png
>>>>
>>>> Part of ticket https://fedorahosted.org/freeipa/ticket/2848
>>>
>>> I've tested the attached patch with the samba packages mentioned above
>>> and everything works as expect.
>>>
>>> As can be seen in the figure Alexander linked above the new suffixes are
>>> disabled by default on the Windows side. This is expected and exactly
>>> the same behaviour can be found in AD-AD trusts. Nevertheless it would
>>> be good if you can make sure this behaviour is explicitly mentioned e.g.
>>> in the design page or other documents to avoid confusion when this
>>> feature is tested by others.
>> I'll add that, thanks for reminding.
>>
>>>
>>> Review comments are in-line.
>>>
>>> bye,
>>>> +
>>>> +	/* Since associatedDomain has attributeType MUST, there must be at least one domain */
>>>> +	for (i = 0; i < count ; i++) {
>>>> +		if (strcmp(ldap_state->domain_name, domains[i]) == 0) {
>>>> +			break;
>>>> +		}
>>>> +	}
>>>
>>> Since we area handling DNS domain names here strcasecmp() would be more
>>> fault tolerant? OTOH I think mixed cases here can only happen if some
>>> modifies IPA LDAP object manually.
>> Technically it should be something that does utf-8 caseless lookups. We
>> can go with strcasecmp as it is for time being, I'll add TODO there for
>> future IDN handling.
> 
> yes, good idea
> 
>>
>>
>> New patch attached. Survives Windows 2012 testing.
> 
> Survives my testing with 2008 as well. ACK.
> 
> bye,
> Sumit

Also survived my testing without support of PASSDB API in samba (i.e. did not
crash or disable existing functionality).

Pushed to master.

Martin