-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/24/2011 01:07 PM, Sumit Bose wrote:
Sorry for not sseing this earlier, but would you mind to move the whole setting of IPA_KRB5_REALM from ipa_service_init() to ipa_get_options()? I think it it safer to set it here so that it is really always available.
OK. I think the code even reads better now.
> Patch looks good, would you mind to add a paragraph to the man page of > the IPA provider which explains the special role of krb5_realm for the > IPA provider?
> bye, > Sumit
Of course. A new patch is attached. I did one more modification - the values of SDAP_KRB5_REALM and KRB5_REALM for ipa_id and ipa_auth respectively now default to IPA_KRB5_REALM, not IPA_DOMAIN.toupper(). It should technically be the same, but I think the new way is more consistent.
Good point. While reading 'toupper' here I start thinking if we should add a 'tolower' to domain_to_basedn() as realm_to_suffix() does in FreeIPA. This is a cosmetic change because the case shouldn't matter here, but since we print the baseDN in the debug logs it might irritate the untrained eye.
Added and changed unit tests accordingly.
Jakub