On Thu, 2011-09-29 at 12:11 -0400, Simo Sorce wrote: > On Thu, 2011-09-29 at 17:56 +0200, Martin Kosek wrote: > > I read every word of it :-) My point was that you can have more > > databases (basedns, suffixes) configured on the server and when the > > anonymous access is disabled we cannot check which one is for IPA. > > That's what my patch 130 fixes. Before it, we just took the first > > suffix. > > Ok, in that case we can compare the suffix with the realm. > It is 100% guaranteed that suffix and realm must match as we create the > suffix out of the realm. > Can you add code to check against REALM if anonymous is turned on ? > > In case REALM is missing (DNS discovery failed) we have 2 options, use > domain.upper() or require a --relam= option to be passed by the user, > what do you think ?
In the last version (3) of my patch 130 I just grabbed the realm you got from domain.upper() and generated a suffix from it. So far, it works fine. Martin _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel