Yair Zaslavsky has posted comments on this change.

Change subject: tools: Add --resolve-kdc arg to engine-manage-domains
......................................................................


Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/24576/2/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
File backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java:

Line 742:             try {
Line 743:                 log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString);
Line 744:                 useDnsLookup = utilityConfiguration.getUseDnsLookup();
Line 745:                 String domainRealmMappingFile = utilityConfiguration.getDomainRealmMappingFile();
Line 746:                 if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup
> I don't not understand your comment, if --resolve-kdc option is entered, it
Sorry for the messy comment :)
There is something strange to me in your if expression.
I wrote a small Java program and checked just to be 100% sure :)
!a && b || c means that it doesn't matter what you place in a, either true or false, the condition will be true if c is true.
So, in your case what happens is that if you do pass --ldap-servers, you will still empty the collection of LDAP servers (the condition will be true) and this is incorrect.
Even if KDCs are resolved (or let's say - you pass a KDC list as arguments) you will still want, in case of provided LDAP servers, to keep the order provided by --ldap-servers.
Regarding the 2nd part - I am fine with both approaches.
I'm starting to think we might need to consider passing an argument that will let the admin pass a krb5.conf file that will be used instead of a krb5.conf file generated by manage-domains, but for now, let's fix this bug, and discuss my idea later.
Line 747:                         || args.contains(ARG_RESOLVE_KDC)) {
Line 748:                     // Arguments do not contain a list of ldap servers, so the
Line 749:                     // kerberos configuration should not be created according to it if
Line 750:                     // useDnsLookup is set to true or resolve KDC argument was entered.


-- 
To view, visit http://gerrit.ovirt.org/24576

Gerrit-MessageType: comment
Gerrit-Change-Id: I7884eae1c67636c7fc4578f7f16358205702ef64
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Martin Peřina <mper...@redhat.com>
Gerrit-Reviewer: Martin Peřina <mper...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
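
The precedence point raised in the comment above, as an added example that is not part of the review or of the oVirt code base: it enumerates all inputs to the condition at lines 746-747 and lists the ones where the expression as written differs from a parenthesized form. The class name, the method names and the parenthesized form are assumptions made for illustration; the latter is one reading of the behaviour the reviewer asks for, not the project's actual fix.

```java
import java.util.ArrayList;
import java.util.List;

public class ResolveKdcCondition {

    // Shape of the condition in patch set 2. In Java, && binds tighter than ||,
    // so this parses as (!ldapServersGiven && useDnsLookup) || resolveKdc.
    static boolean asWritten(boolean ldapServersGiven, boolean useDnsLookup, boolean resolveKdc) {
        return !ldapServersGiven && useDnsLookup || resolveKdc;
    }

    // Assumed intent (hypothetical, not taken from the patch): an explicit
    // --ldap-servers list is never discarded, whatever the other two inputs are.
    static boolean grouped(boolean ldapServersGiven, boolean useDnsLookup, boolean resolveKdc) {
        return !ldapServersGiven && (useDnsLookup || resolveKdc);
    }

    // Collects every input combination on which the two forms disagree.
    static List<String> disagreements() {
        List<String> rows = new ArrayList<>();
        boolean[] values = {false, true};
        for (boolean ldap : values) {
            for (boolean dns : values) {
                for (boolean kdc : values) {
                    boolean written = asWritten(ldap, dns, kdc);
                    boolean intended = grouped(ldap, dns, kdc);
                    if (written != intended) {
                        rows.add(String.format(
                            "--ldap-servers=%b useDnsLookup=%b --resolve-kdc=%b: asWritten=%b grouped=%b",
                            ldap, dns, kdc, written, intended));
                    }
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) {
        // Each printed row is a case where the server list given on the
        // command line would be cleared by the condition as written.
        for (String row : disagreements()) {
            System.out.println(row);
        }
    }
}
```

The two forms disagree only when --ldap-servers and --resolve-kdc are passed together, which is the case the comment describes.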