[Freeipa-devel] [PATCHES] 0022-0023 [RFE] DNS - IDN support

Jan Cholasta jcholast at redhat.com
Wed Dec 11 12:51:54 UTC 2013


On 6.12.2013 14:48, Martin Basti wrote:
> Hello,
>
> patches here contain a *draft* of IDN support for IPA DNS.
>
> Overview:
> 1) IND domains stored in LDAP are punycoded(A-labels)
> 2) now domain can contains almost everything
> 3) domains have to be normalized (AD requires normalized domains too).
> Example:  groß => gross
> 4) --raw option shows domains punycoded
> 5) without --raw option domains are showed in Unicode(U-labels, human
> readable form)
> 6) It works only in DNS module, rest of IPA is still without IDN
> 7) IDN domains are not added into realmdomains
>
> TODO:
> 1) bug in dnspython can cause improper conversion with escaped
> characters:  https://github.com/rthalley/dnspython/issues/46
> 2) discuss if validators should be more strict (only letters
> allowed, ...)
> 3) fix parts of code where domains are showed in punycode - error
> messages, exceptions
> 4) cleanup unused code
>
> TESTS:
> 1) 3 failures: caused by TODO 3)
> 2) expected value: 'value' should be in Unicode(U-labels), instead of
> punycode (part of TODO 3) )
>

I did a quick look at the patch and it is a little bit beefier than I 
would expect. Instead of doing excessive amounts of punycode 
encoding/decoding when a value is received from/about to be send to the 
client, I would instead encode right before LDAP add/mod and decode 
right after LDAP search.

Honza

-- 
Jan Cholasta




More information about the Freeipa-devel mailing list