Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-12 Thread Alexander Bokovoy

On Thu, 07 Nov 2013, Martin Basti wrote:

On Tue, 2013-11-05 at 18:04 +0100, Petr Viktorin wrote:

On 11/05/2013 05:53 PM, John Dennis wrote:
 On 11/05/2013 11:13 AM, Martin Basti wrote:
 Hi list,

 I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
 UTF-8 DNS names will be converted to punycode ASCII string and stored

 But there is a question, how to show DNS names to user (in UI or
 dnsrecord-show/find):
 * show them in punycode
 * convert them to UTF-8 and show
 * both ways
 * add options to show them in UTF-8

 I'll be thankful for your opinion.


 We have a rule that all strings use UCS and that UCS be interchanged by
 encoding UCS text in UTF-8. Therefore it seems to me the only time
 punycode should ever exist is when it's necessary to encode/decode
 punycode for dns operations. Since punycode is a standard Python codec
 this should be trivial, you just need to determine where you do the
 encode/decode (perhaps also validating user input can be successfully
 encoded).

In LDAP the values need to be in punycode, so bind-dyndb-ldap can
process them.

IMO all layers above that -- API, CLI, WebUI -- should use Unicode,
except with the `--raw` flag.



Thanks for your opinions.
I will do that as Petr wrote.

After discussing ticket #4020 (ipasam changes for iDNS), please make
sure realmdomains are always written *without* punycode.

realmdomains are just an attribute with UTF8, it is not used by named so
it will not affect DNS driver. However, keeping realmdomains values in
UTF8 will help us by not requiring any modification to ipasam module.


--
Martin^2 Basti

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


--
/ Alexander Bokovoy

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-08 Thread Petr Viktorin

On 11/07/2013 02:14 PM, Martin Kosek wrote:

On 11/07/2013 01:59 PM, Petr Viktorin wrote:

On 11/05/2013 06:08 PM, John Dennis wrote:

On 11/05/2013 12:04 PM, Petr Viktorin wrote:

On 11/05/2013 05:53 PM, John Dennis wrote:

On 11/05/2013 11:13 AM, Martin Basti wrote:

Hi list,

I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
UTF-8 DNS names will be converted to punycode ASCII string and stored

But there is a question, how to show DNS names to user (in UI or
dnsrecord-show/find):
* show them in punycode
* convert them to UTF-8 and show
* both ways
* add options to show them in UTF-8

I'll be thankful for your opinion.



We have a rule that all strings use UCS and that UCS be interchanged by
encoding UCS text in UTF-8. Therefore it seems to me the only time
punycode should ever exist is when it's necessary to encode/decode
punycode for dns operations. Since punycode is a standard Python codec
this should be trivial, you just need to determine where you do the
encode/decode (perhaps also validating user input can be successfully
encoded).


In LDAP the values need to be in punycode, so bind-dyndb-ldap can
process them.


This suggests the LDAP type conversion is the right location for
encode/decode.


IMO all layers above that -- API, CLI, WebUI -- should use Unicode,
except with the `--raw` flag.


The reason for this is that UTF-8 isn't as canonical a represenation of
Punicode as, say, a DN object for DNs or a bool for boolean values. Admins
might reasonably want to see the raw value.

Also, these values end up in DNs; I fear converting them at the LDAP wrapper
level could open a can of worms. Do we have resources to give this the testing
it needs?

I think converting them in the DNS plugin is the way to go.



Just to clarify the terms here: DNS plugin === dns.py plugin in FreeIPA, not
bind-dyndb-ldap.


dns.py; sorry for the confusion.


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-07 Thread Martin Basti
On Tue, 2013-11-05 at 18:04 +0100, Petr Viktorin wrote:
 On 11/05/2013 05:53 PM, John Dennis wrote:
  On 11/05/2013 11:13 AM, Martin Basti wrote:
  Hi list,
 
  I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
  UTF-8 DNS names will be converted to punycode ASCII string and stored
 
  But there is a question, how to show DNS names to user (in UI or
  dnsrecord-show/find):
  * show them in punycode
  * convert them to UTF-8 and show
  * both ways
  * add options to show them in UTF-8
 
  I'll be thankful for your opinion.
 
 
  We have a rule that all strings use UCS and that UCS be interchanged by
  encoding UCS text in UTF-8. Therefore it seems to me the only time
  punycode should ever exist is when it's necessary to encode/decode
  punycode for dns operations. Since punycode is a standard Python codec
  this should be trivial, you just need to determine where you do the
  encode/decode (perhaps also validating user input can be successfully
  encoded).
 
 In LDAP the values need to be in punycode, so bind-dyndb-ldap can 
 process them.
 
 IMO all layers above that -- API, CLI, WebUI -- should use Unicode, 
 except with the `--raw` flag.
 

Thanks for your opinions.
I will do that as Petr wrote.
-- 
Martin^2 Basti

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-07 Thread Petr Viktorin

On 11/05/2013 06:08 PM, John Dennis wrote:

On 11/05/2013 12:04 PM, Petr Viktorin wrote:

On 11/05/2013 05:53 PM, John Dennis wrote:

On 11/05/2013 11:13 AM, Martin Basti wrote:

Hi list,

I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
UTF-8 DNS names will be converted to punycode ASCII string and stored

But there is a question, how to show DNS names to user (in UI or
dnsrecord-show/find):
* show them in punycode
* convert them to UTF-8 and show
* both ways
* add options to show them in UTF-8

I'll be thankful for your opinion.



We have a rule that all strings use UCS and that UCS be interchanged by
encoding UCS text in UTF-8. Therefore it seems to me the only time
punycode should ever exist is when it's necessary to encode/decode
punycode for dns operations. Since punycode is a standard Python codec
this should be trivial, you just need to determine where you do the
encode/decode (perhaps also validating user input can be successfully
encoded).


In LDAP the values need to be in punycode, so bind-dyndb-ldap can
process them.


This suggests the LDAP type conversion is the right location for
encode/decode.


IMO all layers above that -- API, CLI, WebUI -- should use Unicode,
except with the `--raw` flag.


The reason for this is that UTF-8 isn't as canonical a represenation of 
Punicode as, say, a DN object for DNs or a bool for boolean values. 
Admins might reasonably want to see the raw value.


Also, these values end up in DNs; I fear converting them at the LDAP 
wrapper level could open a can of worms. Do we have resources to give 
this the testing it needs?


I think converting them in the DNS plugin is the way to go.

--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-07 Thread Martin Kosek
On 11/07/2013 01:59 PM, Petr Viktorin wrote:
 On 11/05/2013 06:08 PM, John Dennis wrote:
 On 11/05/2013 12:04 PM, Petr Viktorin wrote:
 On 11/05/2013 05:53 PM, John Dennis wrote:
 On 11/05/2013 11:13 AM, Martin Basti wrote:
 Hi list,

 I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
 UTF-8 DNS names will be converted to punycode ASCII string and stored

 But there is a question, how to show DNS names to user (in UI or
 dnsrecord-show/find):
 * show them in punycode
 * convert them to UTF-8 and show
 * both ways
 * add options to show them in UTF-8

 I'll be thankful for your opinion.


 We have a rule that all strings use UCS and that UCS be interchanged by
 encoding UCS text in UTF-8. Therefore it seems to me the only time
 punycode should ever exist is when it's necessary to encode/decode
 punycode for dns operations. Since punycode is a standard Python codec
 this should be trivial, you just need to determine where you do the
 encode/decode (perhaps also validating user input can be successfully
 encoded).

 In LDAP the values need to be in punycode, so bind-dyndb-ldap can
 process them.

 This suggests the LDAP type conversion is the right location for
 encode/decode.

 IMO all layers above that -- API, CLI, WebUI -- should use Unicode,
 except with the `--raw` flag.
 
 The reason for this is that UTF-8 isn't as canonical a represenation of
 Punicode as, say, a DN object for DNs or a bool for boolean values. Admins
 might reasonably want to see the raw value.
 
 Also, these values end up in DNs; I fear converting them at the LDAP wrapper
 level could open a can of worms. Do we have resources to give this the testing
 it needs?
 
 I think converting them in the DNS plugin is the way to go.
 

Just to clarify the terms here: DNS plugin === dns.py plugin in FreeIPA, not
bind-dyndb-ldap.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-05 Thread John Dennis
On 11/05/2013 11:13 AM, Martin Basti wrote:
 Hi list,
 
 I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
 UTF-8 DNS names will be converted to punycode ASCII string and stored
 
 But there is a question, how to show DNS names to user (in UI or
 dnsrecord-show/find):
 * show them in punycode
 * convert them to UTF-8 and show
 * both ways
 * add options to show them in UTF-8
 
 I'll be thankful for your opinion.
 

We have a rule that all strings use UCS and that UCS be interchanged by
encoding UCS text in UTF-8. Therefore it seems to me the only time
punycode should ever exist is when it's necessary to encode/decode
punycode for dns operations. Since punycode is a standard Python codec
this should be trivial, you just need to determine where you do the
encode/decode (perhaps also validating user input can be successfully
encoded).

-- 
John

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Internationalized domain names in freeIPA

2013-11-05 Thread Petr Viktorin

On 11/05/2013 05:53 PM, John Dennis wrote:

On 11/05/2013 11:13 AM, Martin Basti wrote:

Hi list,

I'm working on ticket: https://fedorahosted.org/freeipa/ticket/3169
UTF-8 DNS names will be converted to punycode ASCII string and stored

But there is a question, how to show DNS names to user (in UI or
dnsrecord-show/find):
* show them in punycode
* convert them to UTF-8 and show
* both ways
* add options to show them in UTF-8

I'll be thankful for your opinion.



We have a rule that all strings use UCS and that UCS be interchanged by
encoding UCS text in UTF-8. Therefore it seems to me the only time
punycode should ever exist is when it's necessary to encode/decode
punycode for dns operations. Since punycode is a standard Python codec
this should be trivial, you just need to determine where you do the
encode/decode (perhaps also validating user input can be successfully
encoded).


In LDAP the values need to be in punycode, so bind-dyndb-ldap can 
process them.


IMO all layers above that -- API, CLI, WebUI -- should use Unicode, 
except with the `--raw` flag.


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel