On 2.6.2014 17:29, Martin Basti wrote:
On Mon, 2014-06-02 at 17:09 +0200, Martin Basti wrote:
On Mon, 2014-06-02 at 16:21 +0200, Jan Cholasta wrote:
On 2.6.2014 13:50, Martin Basti wrote:
Rebased patches attached

I got this test failure:

ERROR: test suite for <class
Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/nose/suite.py", line 208, in run
    File "/usr/lib/python2.7/site-packages/nose/suite.py", line 291, in setUp
    File "/usr/lib/python2.7/site-packages/nose/suite.py", line 314, in
      try_run(context, names)
    File "/usr/lib/python2.7/site-packages/nose/util.py", line 469, in
      return func()
line 214, in setUpClass
      force = True,
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 436,
in __call__
      ret = self.run(*args, **options)
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 758,
in run
      return self.forward(*args, **options)
    File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 779,
in forward
      return self.Backend.rpcclient.forward(self.name, *args, **kw)
    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 876, in
      return self._call_command(command, params)
    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 853, in
      return command(*params)
    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 993, in _call
      return self.__request(name, args)
    File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 987, in
      raise error_class(message=error['message'])
DNSDataMismatch: DNS check failed: Expected {_kerberos.dnszone.test.
86400 IN TXT "IDM.LAB.BOS.REDHAT.COM"} got {None}
This is caused by wait_for_dns option. Try to set larger time limit, at
least 10sec.

Oh, OK, thanks.

Patch 31:

+            #compare if IDN normalized and original domain match
+            #there is N:1 mapping between unicode and IDNA names
+            #user should use normalized names to avoid mistakes
+            normalized_domain_name = encodings.idna.nameprep(value)
+            if value != normalized_domain_name:
+                error = _("domain name '%(domain)s' and normalized
domain name"
+                          " '%(normalized)s' do not match. Please use only"
+                          " normalized domains") % {'domain': value,
+                          'normalized': normalized_domain_name}

I thought we decided to drop this check, because of IDNA 2008?
We decided not to change IDNA2003 to 2008, because registrators are more
strictly than both of the RFC standards, and this is part of 2003 which
makes it safer, and in some way more compatible with 2008 (like only
small caps, etc)

But German registrator allows only IDNA2008, Switzerland allows only
IDNA2003, so we have problem with 'ß' character, because it is encoded

For the IDNA2008, we need extra library out of standard python libs.

So we should support both, or use pure punycode algorithm to
encode/decode, because it has no limitation instead of IDNA standard.
I propose to file a new ticket.

And also AD support IDNA2003. So we are compatible.

What I mean is that with the check, we support only IDNA2003 and without it, we support both IDNA2003 and IDNA2008, so it might be better just to remove it. Yes, users can enter invalid names without the check, but there is only so much babysitting we should do.

Maybe we can do a compromise and make it a warning instead?

Patch 38:

It seems you left out the normalize_zonemgr and normalize_zone
modifications I have suggested. Is there a reason for this?

I left there original code, which works with strings.

I dont use normalize_zone in DNS plugin anymore. So it would be better
to work only with string, no conversion string to object and back to

Should I modify normalize_zonemgr then? Old version works good, and code
will be little longer than your example.

Yes please, just to be safe ;-)

Jan Cholasta

Freeipa-devel mailing list

Reply via email to