[Authentication] When does 'realm discover' return two sections for the one realm, with one not configured?

Richard Sharpe realrichardsharpe at gmail.com
Thu Oct 17 18:51:33 UTC 2019


On Thu, Oct 17, 2019 at 11:06 AM Sumit Bose <sbose at redhat.com> wrote:
>
> On Wed, Oct 16, 2019 at 07:04:11PM -0700, Richard Sharpe wrote:
> > On Wed, Oct 16, 2019 at 6:07 PM Richard Sharpe
> > <realrichardsharpe at gmail.com> wrote:
> > >
> > > > We are using sssd 1.16.1 and have no changes in the realm code or the
> > > > SSSDConfig utility.
> > >
> > > I have managed to reproduce, I believe, the problem. I did it by
> > > specifying an uppercase domain name when setting up a new domain.
> > >
> > > This is what I now see with 'realm discover -v BAD.AD.TEST'
> > > ---------------------
> > >  $ realm discover -v BAD.AD.TEST
> > >  * Resolving: _ldap._tcp.bad.ad.test
> > >  * Performing LDAP DSE lookup on: 10.200.8.100
> > >  * Successfully discovered: BAD.AD.TEST
> > > BAD.AD.TEST
> > >   type: kerberos
> > >   realm-name: BAD.AD.TEST
> > >   domain-name: BAD.AD.TEST
> > >   configured: no
> > >   server-software: active-directory
> > >   client-software: sssd
> > >   required-package: oddjob
> > >   required-package: oddjob-mkhomedir
> > >   required-package: sssd
> > >   required-package: adcli
> > >   required-package: samba-common-tools
> > > bad.ad.test
> > >   type: kerberos
> > >   realm-name: BAD.AD.TEST
> > >   domain-name: bad.ad.test
> > >   configured: no
> > > ------------------
> > >
> > > I never see the second, lower-case realm/domain when the domain is
> > > created with a lowercase name to begin with.
>
> Hi,
>
> thanks for the analysis. After creating a domain with upper-case letters
> in the name I'm able to reproduce this as well.
>
> >
> > Here is a fix for the problem. Domain names are canonicalized to lower
> > case in realmd:
>
> Thanks for the fix, would you mind opening a new merge request at
> https://gitlab.freedesktop.org/realmd/realmd/merge_requests/new ? If you
> prefer, I can open one for you as well.

Can you open it for me, please? I am starting to go crazy with the
number of places I have to add merge requests :-)

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. -- Cao Cao) (Legend has it that Du Kang was the inventor of wine)
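
A check for the symptom reported in this thread, added here as an example; it is not part of the original message and is not the realmd fix mentioned above. It parses `realm discover` output and flags sections whose `domain-name` differs only by case; the sample input is constructed from the quoted output, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample, shortened from the `realm discover` output quoted in the thread.
SAMPLE = """\
BAD.AD.TEST
  type: kerberos
  realm-name: BAD.AD.TEST
  domain-name: BAD.AD.TEST
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: sssd
bad.ad.test
  type: kerberos
  realm-name: BAD.AD.TEST
  domain-name: bad.ad.test
  configured: no
"""

def parse_sections(text):
    """Split `realm discover` output into (name, {key: [values]}) sections."""
    sections = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue  # skip blanks and the -v progress lines (" * Resolving: ...")
        if not line[0].isspace():
            # An unindented line starts a new realm section.
            sections.append((line.strip(), defaultdict(list)))
        elif sections and ":" in line:
            key, _, value = line.strip().partition(":")
            # Keys such as required-package repeat, so keep every value.
            sections[-1][1][key.strip()].append(value.strip())
    return sections

def case_variant_duplicates(text):
    """Return {folded domain: [section names]} for sections differing only by case."""
    groups = defaultdict(list)
    for name, fields in parse_sections(text):
        domain = (fields.get("domain-name") or [name])[0]
        groups[domain.casefold()].append(name)
    return {d: names for d, names in groups.items() if len(set(names)) > 1}

if __name__ == "__main__":
    for domain, names in case_variant_duplicates(SAMPLE).items():
        print(f"{domain}: reported as {', '.join(names)}")
```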

