[Freeipa-devel] [PATCH] Use escapes in DNs instead of quoting.

Rob Crittenden rcritten at redhat.com
Tue Mar 30 13:42:19 UTC 2010


Pavel Zuna wrote:
> On 03/26/2010 04:56 PM, Rob Crittenden wrote:
>> Pavel Zuna wrote:
>>> This patch effectively removes all LDAPv2 style quoted DNs and makes
>>> sure we don't use them anymore.
>>>
>>> KDC doesn't seem to have any problems with LDAPv3 style DNs, but I
>>> kept the option to disable DN normalization for now.
>>>
>>> I also had to add a new dollar variable for LDIF files:
>>> $ESCAPED_SUFFIX. We need it to create entries that contain the DN of
>>> another entry in their own, like the account activated/inactivated CoS
>>> entries.
>>>
>>> What I tested:
>>> - playing around with password policies and CoS entries using both
>>> pwpolicy and pwpolicy2
>>> - changing user passwords to see if the policies apply
>>> - re-installing IPA to see if the activated/inactivated CoS entries
>>> were OK
>>> - user-lock/user-unlock
>>>
>>> The patch depends on the pwpolicy2 plugin. Well, it doesn't depend on
>>> it, but won't apply without. I didn't realize before committing and
>>> couldn't get it back by re-basing, so...
>>>
>>> Pavel
>>
>> Replication also uses v2-style escaping. This code looks ok for what it
>> touches but it isn't complete.
> Maybe I'm wrong, but it seems that the cn="SUFFIX",cn=mapping 
> tree,cn=config entry is created automatically by DS and there's not much
> we can do about it. We could delete the entry and create a new one, but 
> I suspect replication won't like it.

Yes, looks like you're right.

Rich, any thoughts on this?

rob
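
The quoted-versus-escaped distinction discussed in this thread, as an added example that is not part of the original messages or of the FreeIPA patch: a small Python converter from LDAPv2-style quoted DN values to LDAPv3 (RFC 4514) backslash escapes. The function names and the sample suffix dc=example,dc=com are assumptions made for the illustration.

```python
# Added example (not FreeIPA code): rewrite LDAPv2 "quoted" DN values
# as LDAPv3 / RFC 4514 backslash-escaped values.
# '=' may be left unescaped under RFC 4514; it is escaped here so an
# embedded DN is unambiguous to a human reader as well.
SPECIALS = set('",+;<>\\=')


def escape_value(value):
    """Backslash-escape a single attribute value per RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:                     # leading '#'
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):   # leading/trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def quoted_to_escaped(dn):
    """Replace every quoted value in dn with its escaped form.

    Text outside quotes, including existing escapes, is copied unchanged.
    """
    out, i, n = [], 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == "\\":                  # existing escape pair: keep as-is
            out.append(dn[i:i + 2])
            i += 2
        elif ch == '"':                 # start of a quoted value
            i += 1
            value = []
            while i < n and dn[i] != '"':
                if dn[i] == "\\" and i + 1 < n:   # \" or \\ inside quotes
                    i += 1
                value.append(dn[i])
                i += 1
            if i >= n:
                raise ValueError("unterminated quoted value in DN")
            i += 1                      # skip the closing quote
            out.append(escape_value("".join(value)))
        else:
            out.append(ch)
            i += 1
    return "".join(out)
```

Running it on a constructed mapping-tree DN such as `cn="dc=example,dc=com",cn=mapping tree,cn=config` yields the escaped form, and a DN that is already escaped passes through unchanged.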