On Fri, 2011-05-27 at 13:38 +0200, Jakub Hrozek wrote:
On 05/26/2011 06:46 PM, Stephen Gallagher wrote:
> On Thu, 2011-05-26 at 18:02 +0200, Jakub Hrozek wrote:
>> Escaping the IPv6 address with "[" and "]" makes it
compliant with
>> RFC2732 and allows the URI to be parsed with libldap routines.
>
>
> Nack.
>
> This fix is incomplete. It's a bug that the LDAP provider does not
> encode the IP address as returned by the failover resolution. The
> sdap_uri_callback() routine should be creating the new_uri with the
> returned address and escaping IPv6.
>
>
Attached are patches that deal with both providers:
[PATCH 1/4] Add utility function to return IP address as string
Removes code duplication we had between Kerberos and IPA providers and
would have in the LDAP provider
Ack
[PATCH 2/4] Add a utility function to escape IPv6 address for use in
URIs
A utility function that would be used later on
Ack
[PATCH 3/4] Use escaped IP addresses in LDAP provider
Instead of hostname, construct the URI based on IP address, escaped if
needed. When a URI is passed in, we break it down and reconstruct it
with address.
Ack
[PATCH 4/4] Escape IPv6 IP addresses in the IPA provider
https://fedorahosted.org/sssd/ticket/880
Ack