On Thu, 2011-09-29 at 12:11 -0400, Simo Sorce wrote:
> On Thu, 2011-09-29 at 17:56 +0200, Martin Kosek wrote:
> > I read every word of it :-) My point was that you can have more
> > databases (basedns, suffixes) configured on the server and when the
> > anonymous access is disabled we cannot check which one is for IPA.
> > That's what my patch 130 fixes. Before it, we just took the first
> > suffix.
> 
> Ok, in that case we can compare the suffix with the realm.
> It is 100% guaranteed that suffix and realm must match as we create the
> suffix out of the realm.
> Can you add code to check against REALM if anonymous is turned on ?
> 
> In case REALM is missing (DNS discovery failed) we have 2 options, use
> domain.upper() or require a --relam= option to be passed by the user,
> what do you think ?

In the last version (3) of my patch 130 I just grabbed the realm you got
from domain.upper() and generated a suffix from it. So far, it works
fine.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to