On 08/10/2011 09:41 AM, Alexander Bokovoy wrote:
*Huge* work, very appreciated! It is much cleaner to see now what we are
actually expecting in a structured way.
Thank you. There are plenty more similar fixes coming to a review near
you soon :-)
Unrelated comment:
There are few place where we have CN vs cn like
- assert str(subject) == 'CN=ipa.example.com,O=IPA'
+ assert DN(str(subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
Does it make sense to normalize to lowcase for those attributes that are
case-insensitive like cn, sn, uid, etc? It makes no functional
difference but looks a bit out of style to have a mix and also may trick
into wrongly using those attributes which are case-sensitive due to
schema definition.
Sure, good question. Since the comparison is case-insenstive there is no
logic change and my goal was to maintain things as originally written
but use the the correct method. We could lower case everything but as
you say there is no functional difference, it's a style issue and we
don't have a style guide for dn's (yet?).
However there does seem to be an unwritten convention (at least by
observation on my part) that dn attr's used in ldap are lowercase but dn
attr's in X509 certs are uppercase, go figure. The example you cited
happens to be a dn associated with a X509 cert.
Short answer: I don't have a strong opinion on this either way, if
others do chime in.
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
