On Thu, Feb 24, 2011 at 06:36:34PM +0100, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/24/2011 01:07 PM, Sumit Bose wrote:
> Sorry for not sseing this earlier, but would you mind to move the whole
> setting of IPA_KRB5_REALM from ipa_service_init() to ipa_get_options()?
> I think it it safer to set it here so that it is really always
> available.
>
OK. I think the code even reads better now.
>>>> > >> Patch looks good, would you mind to add a paragraph to the
man page of
>>>> > >> the IPA provider which explains the special role of
krb5_realm for the
>>>> > >> IPA provider?
>>> > >
>>>> > >> bye,
>>>> > >> Sumit
>> >
>> > Of course. A new patch is attached. I did one more modification - the
>> > values of SDAP_KRB5_REALM and KRB5_REALM for ipa_id and ipa_auth
>> > respectively now default to IPA_KRB5_REALM, not IPA_DOMAIN.toupper(). It
>> > should technically be the same, but I think the new way is more
consistent.
> Good point. While reading 'toupper' here I start thinking if we should
> add a 'tolower' to domain_to_basedn() as realm_to_suffix() does in
> FreeIPA. This is a cosmetic change because the case shouldn't matter
> here, but since we print the baseDN in the debug logs it might irritate
> the untrained eye.
>
Added and changed unit tests accordingly.
Thank you.
ACK
bye,
Sumit
Jakub
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk1mlyIACgkQHsardTLnvCXgowCg0wpC6ZIL1XHuo1KGkXCfFmsz
AeMAn1F7QJFY9SMDybj2GibmH5stsvw8
=ckjo
-----END PGP SIGNATURE-----