On Tue, 2013-07-23 at 16:11 +0300, Alexander Bokovoy wrote: > On Tue, 23 Jul 2013, Simo Sorce wrote: > >On Thu, 2013-07-18 at 18:37 +0300, Alexander Bokovoy wrote: > >> Hi! > >> > >> Attached patches make possible to use HTTP/ipa.server@REALM to query AD > >> DC over LDAP immediately after trust is established. We need this to get > >> range discovery working prior to creating range for trusted domain. > >> > >> The patch 0109 makes KDC hostname cached on ipadb context to avoid > >> resolving own hostname multiple times. > >> > >> The patch 0110 depends on ulc_casemap patches by Nathaniel and makes > >> exception for HTTP/ipa.server@REALM when TGT is requested and MS-PAC is > >> asked for -- we force refreshing list of trusted domains here. > >> > >> More details are available in the commit logs. > > > >I do not think that changing reinit interval is the right thing to do. > > > >I would rather pass a boolean that tells reinit to check if we have any > >trust info, and if not unconditionally try to reinit immediately. > > > >I see that you treat the interval sort of like a boolean but then you > >just race hoping the previous reload w/o trust info happened more than 1 > >second earlier. > > > >I think and explicit "bool force_reload" flag would be much clearer. > > > >Otherwise ack. > Attached is modified patch that uses 'bool force_reinit' (as function is > called ipadb_reinit_mspac). > > I tested it together with updated Tomas patch 0076 which relies on these > patches so I'm going to commit whole set together.
LGTM, please proceed. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel