[Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting.

[Rob Crittenden]

Pavel Zuna wrote:
> On 04/16/2010 10:25 PM, Rob Crittenden wrote:
>> Pavel Zůna wrote:
>>> On 4/16/2010 5:09 PM, Rob Crittenden wrote:
>>>> Pavel Zuna wrote:
>>>>> This patch effectively removes all LDAPv2 style quoted DNs and makes
>>>>> sure we don't use them anymore.
>>>>>
>>>>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I
>>>>> kept the option to disable DN normalization for now.
>>>>>
>>>>> I also had to add a new dollar variable for LDIF files:
>>>>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of
>>>>> another entry in their own, like the account activated/inactivated CoS
>>>>> entries.
>>>>>
>>>>> what I tested:
>>>>> - playing around with password policies and CoS entries using both
>>>>> pwpolicy and pwpolicy2
>>>>> - changing user passwords to see if the policies apply
>>>>> - re-installing IPA to see if the activated/inactived CoS entries
>>>>> where OK
>>>>> - user-lock/user-unlock
>>>>>
>>>>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on
>>>>> it, but won't apply without. I didn't realize before committing and
>>>>> couldn't get it back by re-basing, so...
>>>>>
>>>>> Pavel
>>>>
>>>> This fails to apply because the pwpolicy2 plugin hasn't been committed
>>>> yet. You had suggested that this patch shouldn't be applied yet. Should
>>>> I remove the pwpolicy2 part of this patch and push, rebase it, or what?
>>>>
>>>> rob
>>> I rebased the patch - attached. It no longer depends on pwpolicy2. I'm
>>> going to release an updated pwpolicy2 patch with quoting gone along
>>> with this one.
>>>
>>> Pavel
>>
>> I made a couple of changes to the patch:
>> - added ESCAPED_SUFFIX to the dsinstance sub_dict so installations work
>> - added back some extra lines to pwpolicy_del() that actually deleted
>> the entries
> Oups, probably deleted those by mistake. Anyway, nice catch.
> 
> Just tested it - ACK.
> 
>> rob
> 
> Pavel

pushed to master