
Re: Freeze exception for sssd?



Not a review of the upload, but for the maintainer script implementation
here:

Petter Reinholdtsen <pere@hungry.com> writes:

> +# See if we can find an LDAP server.  Prefer ldap.domain, but also
> +# accept SRV records if no ldap.domain server is found.
> +lookup_ldap_uri() {
> +    domain="$1"
> +    if ping -c2 ldap.$domain > /dev/null 2>&1; then
> +	echo ldap://ldap.$domain
> +    else
> +	host=$(host -N 2 -t SRV _ldap._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}' | head -1)
> +	if [ "$host" ] ; then
> +	    echo ldap://$host | sed 's/\.$//'
> +	fi
> +    fi
> +}
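
Review bot: in the SRV branch of lookup_ldap_uri, `grep -v NXDOMAIN` filters only one failure message, so any other error line printed by `host` (a timeout, for instance) passes through `awk '{print $NF}'` and its last word is emitted as the LDAP hostname. Keep only lines that actually carry an SRV answer before taking the last field, and quote `$domain`, which is expanded unquoted in both the `ping` and `host` commands even though the result ends up in a URI that the caller will trust.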

You should reverse this logic and check for and prefer the SRV record
first, as that's the documented purpose of the SRV record and any site
that's configured the SRV record probably knows what they're doing and
isn't going to want you to do simple name guessing.

> +lookup_kerberos_server() {
> +    domain="$1"
> +    if ping -c2 kerberos.$domain > /dev/null 2>&1; then
> +	echo kerberos.$domain
> +    else
> +	host=$(host -t SRV _kerberos._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1)
> +	if [ "$host" ] ; then
> +	    echo $host | sed 's/\.$//'
> +	fi
> +    fi
> +}
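
Review bot: the SRV branch of lookup_kerberos_server takes whichever record `host` prints first via `head -1`, ignoring the priority and weight fields of the SRV answer, so the selected KDC may be one the site intended only as a fallback. Sort on the priority field before picking a target, or return the targets in priority order. The `host` call here also omits the `-N 2` option that lookup_ldap_uri passes, which looks unintentional; make the two functions consistent or document why they differ.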

Likewise here.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

