diff --git a/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch b/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
deleted file mode 100644
index 894fe93..0000000
--- a/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From b11d891a50c2f70e3c02b880e0199583b8df186c Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 31 May 2018 16:16:08 +0200
-Subject: [PATCH] Find NetBIOS name in keytab while leaving
-
-If realmd is used with Samba as membership software, i.e. Samba's net
-utility, the NetBIOS name must be known when leaving a domain. The most
-reliable way to find it is by searching the keytab for NAME$@REALM type
-entries and use the NAME as the NetBIOS name.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1370457
----
- service/realm-kerberos.c     | 64 ++++++++++++++++++++++++++++++++++++
- service/realm-kerberos.h     |  2 ++
- service/realm-samba-enroll.c | 17 ++++++++--
- 3 files changed, 80 insertions(+), 3 deletions(-)
-
-diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
-index 54d1ed7..d6d109f 100644
---- a/service/realm-kerberos.c
-+++ b/service/realm-kerberos.c
-@@ -1130,3 +1130,67 @@ realm_kerberos_flush_keytab (const gchar *realm_name,
- 	return ret;
- 
- }
-+
-+gchar *
-+realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name)
-+{
-+	krb5_error_code code;
-+	krb5_keytab keytab = NULL;
-+	krb5_context ctx;
-+	krb5_kt_cursor cursor = NULL;
-+	krb5_keytab_entry entry;
-+	krb5_principal realm_princ = NULL;
-+	gchar *princ_name = NULL;
-+	gchar *netbios_name = NULL;
-+	krb5_data *name_data;
-+
-+	code = krb5_init_context (&ctx);
-+	if (code != 0) {
-+		return NULL;
-+	}
-+
-+	princ_name = g_strdup_printf ("user@%s", realm_name);
-+	code = krb5_parse_name (ctx, princ_name, &realm_princ);
-+	g_free (princ_name);
-+
-+	if (code == 0) {
-+		code = krb5_kt_default (ctx, &keytab);
-+	}
-+
-+	if (code == 0) {
-+		code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
-+	}
-+
-+	if (code == 0) {
-+		while (!krb5_kt_next_entry (ctx, keytab, &entry, &cursor) && netbios_name == NULL) {
-+			if (krb5_realm_compare (ctx, realm_princ, entry.principal)) {
-+				name_data = krb5_princ_component (ctx, entry.principal, 0);
-+				if (name_data != NULL
-+				                && name_data->length > 0
-+				                && name_data->data[name_data->length - 1] == '$') {
-+					netbios_name = g_strndup (name_data->data, name_data->length - 1);
-+					if (netbios_name == NULL) {
-+						code = krb5_kt_free_entry (ctx, &entry);
-+						warn_if_krb5_failed (ctx, code);
-+						break;
-+					}
-+				}
-+			}
-+			code = krb5_kt_free_entry (ctx, &entry);
-+			warn_if_krb5_failed (ctx, code);
-+		}
-+	}
-+
-+	code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
-+	warn_if_krb5_failed (ctx, code);
-+
-+	code = krb5_kt_close (ctx, keytab);
-+	warn_if_krb5_failed (ctx, code);
-+
-+	krb5_free_principal (ctx, realm_princ);
-+
-+	krb5_free_context (ctx);
-+
-+	return netbios_name;
-+
-+}
-diff --git a/service/realm-kerberos.h b/service/realm-kerberos.h
-index 0447e4d..58cfe07 100644
---- a/service/realm-kerberos.h
-+++ b/service/realm-kerberos.h
-@@ -88,6 +88,8 @@ gchar *             realm_kerberos_format_login          (RealmKerberos *self,
- gboolean            realm_kerberos_flush_keytab                (const gchar *realm_name,
-                                                                 GError **error);
- 
-+gchar *             realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name);
-+
- const gchar *       realm_kerberos_get_name                    (RealmKerberos *self);
- 
- const gchar *       realm_kerberos_get_realm_name              (RealmKerberos *self);
-diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
-index 76e7b79..f5edca3 100644
---- a/service/realm-samba-enroll.c
-+++ b/service/realm-samba-enroll.c
-@@ -85,7 +85,8 @@ static JoinClosure *
- join_closure_init (GTask *task,
-                    RealmDisco *disco,
-                    GVariant *options,
--                   GDBusMethodInvocation *invocation)
-+                   GDBusMethodInvocation *invocation,
-+                   gboolean do_join)
- {
- 	JoinClosure *join;
- 	gchar *workgroup;
-@@ -93,6 +94,7 @@ join_closure_init (GTask *task,
- 	int temp_fd;
- 	const gchar *explicit_computer_name = NULL;
- 	const gchar *authid = NULL;
-+	gchar *name_from_keytab = NULL;
- 
- 	join = g_new0 (JoinClosure, 1);
- 	join->disco = realm_disco_ref (disco);
-@@ -106,6 +108,14 @@ join_closure_init (GTask *task,
- 	else if (disco->explicit_netbios)
- 		authid = disco->explicit_netbios;
- 
-+	/* try to get the NetBIOS name from the keytab while leaving the domain */
-+	if (explicit_computer_name == NULL && !do_join) {
-+		name_from_keytab = realm_kerberos_get_netbios_name_from_keytab(disco->kerberos_realm);
-+		if (name_from_keytab != NULL) {
-+			authid = name_from_keytab;
-+		}
-+	}
-+
- 	join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
- 	realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
- 	                      "security", "ads",
-@@ -151,6 +161,7 @@ join_closure_init (GTask *task,
- 		g_warning ("Couldn't create temp file in: %s", g_get_tmp_dir ());
- 	}
- 
-+	g_free (name_from_keytab);
- 	return join;
- }
- 
-@@ -393,7 +404,7 @@ realm_samba_enroll_join_async (RealmDisco *disco,
- 	g_return_if_fail (cred != NULL);
- 
- 	task = g_task_new (NULL, NULL, callback, user_data);
--	join = join_closure_init (task, disco, options, invocation);
-+	join = join_closure_init (task, disco, options, invocation, TRUE);
- 	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
- 	if (explicit_computer_name != NULL) {
- 		realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
-@@ -462,7 +473,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
- 	JoinClosure *join;
- 
- 	task = g_task_new (NULL, NULL, callback, user_data);
--	join = join_closure_init (task, disco, options, invocation);
-+	join = join_closure_init (task, disco, options, invocation, FALSE);
- 
- 	switch (cred->type) {
- 	case REALM_CREDENTIAL_PASSWORD:
--- 
-2.17.1
-
diff --git a/0001-Fix-issues-found-by-Coverity.patch b/0001-Fix-issues-found-by-Coverity.patch
deleted file mode 100644
index abb6782..0000000
--- a/0001-Fix-issues-found-by-Coverity.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 1831748847715a13f0cc911a9a491eb8614d6682 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 14 Aug 2018 14:09:48 +0200
-Subject: [PATCH 1/3] Fix issues found by Coverity
-
----
- service/realm-kerberos.c | 5 ++++-
- service/realm-packages.c | 2 +-
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
-index d6d109f..252e256 100644
---- a/service/realm-kerberos.c
-+++ b/service/realm-kerberos.c
-@@ -980,7 +980,10 @@ realm_kerberos_set_details (RealmKerberos *self,
- 		if (name == NULL)
- 			break;
- 		value = va_arg (va, const gchar *);
--		g_return_if_fail (value != NULL);
-+		if (value == NULL) {
-+			va_end (va);
-+			g_return_if_reached ();
-+		}
- 
- 		values[0] = g_variant_new_string (name);
- 		values[1] = g_variant_new_string (value);
-diff --git a/service/realm-packages.c b/service/realm-packages.c
-index 9a6984c..5976439 100644
---- a/service/realm-packages.c
-+++ b/service/realm-packages.c
-@@ -567,7 +567,7 @@ lookup_required_files_and_packages (const gchar **package_sets,
- 		g_ptr_array_add (packages, NULL);
- 		*result_packages = (gchar **)g_ptr_array_free (packages, FALSE);
- 	} else {
--		g_ptr_array_free (files, TRUE);
-+		g_ptr_array_free (packages, TRUE);
- 	}
- 
- 	if (result_files) {
--- 
-2.17.1
-
diff --git a/0001-Fix-man-page-reference-in-systemd-service-file.patch b/0001-Fix-man-page-reference-in-systemd-service-file.patch
deleted file mode 100644
index fe46620..0000000
--- a/0001-Fix-man-page-reference-in-systemd-service-file.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From e8d9d5e9817627dcf208ac742debcc9dc320752d Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 27 Jul 2016 19:06:29 +0200
-Subject: [PATCH] Fix man page reference in systemd service file
-
----
- dbus/realmd.service.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dbus/realmd.service.in b/dbus/realmd.service.in
-index b3bcf7a..64c1090 100644
---- a/dbus/realmd.service.in
-+++ b/dbus/realmd.service.in
-@@ -1,6 +1,6 @@
- [Unit]
- Description=Realm and Domain Configuration
--Documentation=man:realmd(8)
-+Documentation=man:realm(8)
- 
- [Service]
- Type=dbus
--- 
-2.7.4
-
diff --git a/0001-IPA-do-not-call-sssd-enable-logins.patch b/0001-IPA-do-not-call-sssd-enable-logins.patch
deleted file mode 100644
index 01fdef8..0000000
--- a/0001-IPA-do-not-call-sssd-enable-logins.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 373f2e03736dfd87d50f02208b99d462cf34d891 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 27 Sep 2018 13:04:47 +0200
-Subject: [PATCH] IPA: do not call sssd-enable-logins
-
-It is expected that ipa-client-install will do all PAM and NSS
-configuration. To avoid changing IPA default realmd will not try to
-update the related configuration.
----
- service/realm-sssd-ipa.c | 24 +-----------------------
- 1 file changed, 1 insertion(+), 23 deletions(-)
-
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index 5029f6b..70f8b0e 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -109,41 +109,19 @@ enroll_closure_free (gpointer data)
- 	g_free (enroll);
- }
- 
--static void
--on_enable_nss_done (GObject *source,
--                    GAsyncResult *result,
--                    gpointer user_data)
--{
--	GTask *task = G_TASK (user_data);
--	GError *error = NULL;
--	gint status;
--
--	status = realm_command_run_finish (result, NULL, &error);
--	if (error == NULL && status != 0)
--		g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
--		             _("Enabling SSSD in nsswitch.conf and PAM failed."));
--	if (error != NULL)
--		g_task_return_error (task, error);
--	else
--		g_task_return_boolean (task, TRUE);
--	g_object_unref (task);
--}
--
- static void
- on_restart_done (GObject *source,
-                  GAsyncResult *result,
-                  gpointer user_data)
- {
- 	GTask *task = G_TASK (user_data);
--	EnrollClosure *enroll = g_task_get_task_data (task);
- 	RealmSssd *sssd = g_task_get_source_object (task);
- 	GError *error = NULL;
- 
- 	realm_service_enable_and_restart_finish (result, &error);
- 	if (error == NULL) {
- 		realm_sssd_update_properties (sssd);
--		realm_command_run_known_async ("sssd-enable-logins", NULL, enroll->invocation,
--		                               on_enable_nss_done, g_object_ref (task));
-+		g_task_return_boolean (task, TRUE);
- 	} else {
- 		g_task_return_error (task, error);
- 	}
--- 
-2.17.1
-
diff --git a/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch b/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
deleted file mode 100644
index a61b602..0000000
--- a/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 6f0aa79c3e8dd93e723f29bf46e1b8b14403254f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 5 Dec 2016 18:25:44 +0100
-Subject: [PATCH] Kerberos: fall back to tcp SRV lookup
-
----
- service/realm-kerberos-provider.c | 48 +++++++++++++++++++++++++++++++--------
- 1 file changed, 39 insertions(+), 9 deletions(-)
-
-diff --git a/service/realm-kerberos-provider.c b/service/realm-kerberos-provider.c
-index 2b3a0f8..1477ae8 100644
---- a/service/realm-kerberos-provider.c
-+++ b/service/realm-kerberos-provider.c
-@@ -19,6 +19,7 @@
- #include "realm-kerberos-provider.h"
- 
- #include <errno.h>
-+#include <string.h>
- 
- struct _RealmKerberosProvider {
- 	RealmProvider parent;
-@@ -38,28 +39,54 @@ realm_kerberos_provider_init (RealmKerberosProvider *self)
- 
- }
- 
-+typedef struct {
-+	gchar *name;
-+	const char *prot;
-+} NameProtPair;
-+
-+static void
-+name_prot_pair_free (gpointer data)
-+{
-+	NameProtPair *name_prot_pair = data;
-+	g_free (name_prot_pair->name);
-+	g_free (name_prot_pair);
-+}
-+
- static void
- on_kerberos_discover (GObject *source,
-                       GAsyncResult *result,
-                       gpointer user_data)
- {
- 	GTask *task = G_TASK (user_data);
--	const gchar *domain = g_task_get_task_data (task);
-+	NameProtPair *name_prot_pair = g_task_get_task_data (task);
- 	GError *error = NULL;
- 	RealmDisco *disco;
- 	GList *targets;
-+	GResolver *resolver;
- 
- 	targets = g_resolver_lookup_service_finish (G_RESOLVER (source), result, &error);
- 	if (targets) {
- 		g_list_free_full (targets, (GDestroyNotify)g_srv_target_free);
--		disco = realm_disco_new (domain);
--		disco->kerberos_realm = g_ascii_strup (domain, -1);
-+		disco = realm_disco_new (name_prot_pair->name);
-+		disco->kerberos_realm = g_ascii_strup (name_prot_pair->name, -1);
- 		g_task_return_pointer (task, disco, realm_disco_unref);
- 
- 	} else if (error) {
--		g_debug ("Resolving %s failed: %s", domain, error->message);
-+		g_debug ("Resolving %s failed: %s", name_prot_pair->name, error->message);
- 		g_error_free (error);
--		g_task_return_pointer (task, NULL, NULL);
-+
-+		if (strcmp (name_prot_pair->prot, "tcp") == 0) {
-+			g_task_return_pointer (task, NULL, NULL);
-+		} else {
-+			/* Try tcp */
-+			name_prot_pair->prot = "tcp";
-+			resolver = g_resolver_get_default ();
-+			g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
-+			                                 name_prot_pair->name,
-+			                                 g_task_get_cancellable (task),
-+			                                 on_kerberos_discover, g_object_ref (task));
-+			g_object_unref (resolver);
-+		}
- 	}
- 
- 	g_object_unref (task);
-@@ -76,7 +103,7 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
- 	GTask *task;
- 	const gchar *software;
- 	GResolver *resolver;
--	gchar *name;
-+	NameProtPair *name_prot_pair;
- 
- 	task = g_task_new (provider, NULL, callback, user_data);
- 
-@@ -86,12 +113,15 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
- 		g_task_return_pointer (task, NULL, NULL);
- 
- 	} else {
--		name = g_hostname_to_ascii (string);
-+		name_prot_pair = g_new0 (NameProtPair, 1);
-+		name_prot_pair->name = g_hostname_to_ascii (string);
-+		name_prot_pair->prot = "udp";
- 		resolver = g_resolver_get_default ();
--		g_resolver_lookup_service_async (resolver, "kerberos", "udp", name,
-+		g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
-+		                                 name_prot_pair->name,
- 		                                 realm_invocation_get_cancellable (invocation),
- 		                                 on_kerberos_discover, g_object_ref (task));
--		g_task_set_task_data (task, name, g_free);
-+		g_task_set_task_data (task, name_prot_pair, name_prot_pair_free);
- 		g_object_unref (resolver);
- 	}
- 
--- 
-2.9.3
-
diff --git a/0001-LDAP-don-t-close-LDAP-socket-twice.patch b/0001-LDAP-don-t-close-LDAP-socket-twice.patch
deleted file mode 100644
index 09e9ccf..0000000
--- a/0001-LDAP-don-t-close-LDAP-socket-twice.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 895e5b37d14090541480cebcb297846cbd3662ce Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 25 Nov 2016 17:35:11 +0100
-Subject: [PATCH] LDAP: don't close LDAP socket twice
-
-ldap_destroy() will call close() on the LDAP socket so with an explicit
-close() before the file descriptor will be closed twice. Even worse,
-since the file descriptor can be reused after the explicit call of
-close() by any other thread the close() called from ldap_destroy() might
-close a file descriptor used by a different thread as seen e.g. in
-https://bugzilla.redhat.com/show_bug.cgi?id=1398522.
-
-Additionally the patch makes sure that the closed connection cannot be
-used again.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1398522
----
- service/realm-ldap.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/service/realm-ldap.c b/service/realm-ldap.c
-index 061ed61..59817fb 100644
---- a/service/realm-ldap.c
-+++ b/service/realm-ldap.c
-@@ -159,10 +159,11 @@ ldap_source_finalize (GSource *source)
- {
- 	LdapSource *ls = (LdapSource *)source;
- 
--	/* Yeah, this is pretty rough, but we don't want blocking here */
--	close (ls->sock);
- 	ldap_destroy (ls->ldap);
- 
-+	ls->sock = -1;
-+	ls->ldap = NULL;
-+
- 	if (ls->cancellable) {
- 		g_cancellable_release_fd (ls->cancellable);
- 		g_object_unref (ls->cancellable);
--- 
-2.9.3
-
diff --git a/0001-Use-current-idmap-options-for-smb.conf.patch b/0001-Use-current-idmap-options-for-smb.conf.patch
deleted file mode 100644
index ea34960..0000000
--- a/0001-Use-current-idmap-options-for-smb.conf.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From e683fb573bc09893ec541be29751560cea30ce3f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 30 May 2018 13:10:57 +0200
-Subject: [PATCH] Use current idmap options for smb.conf
-
-Samba change some time ago the way how to configure id-mapping. With
-this patch realmd will use the current supported options when creating
-smb.conf.
-
-A new option --legacy-samba-config is added to use the old options if
-realmd is used with Samba 3.5 or earlier.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1484072
----
- dbus/realm-dbus-constants.h   |  1 +
- doc/manual/realmd.conf.xml    | 17 ++++++++++++
- service/realm-samba-enroll.c  |  2 +-
- service/realm-samba-enroll.h  |  3 +++
- service/realm-samba-winbind.c | 63 ++++++++++++++++++++++++++++++++++---------
- 5 files changed, 72 insertions(+), 14 deletions(-)
-
-diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
-index 9cd30ef..40ffa2d 100644
---- a/dbus/realm-dbus-constants.h
-+++ b/dbus/realm-dbus-constants.h
-@@ -69,6 +69,7 @@ G_BEGIN_DECLS
- #define   REALM_DBUS_OPTION_COMPUTER_NAME          "computer-name"
- #define   REALM_DBUS_OPTION_OS_NAME                "os-name"
- #define   REALM_DBUS_OPTION_OS_VERSION             "os-version"
-+#define   REALM_DBUS_OPTION_LEGACY_SMB_CONF        "legacy-samba-config"
- 
- #define   REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY   "active-directory"
- #define   REALM_DBUS_IDENTIFIER_WINBIND            "winbind"
-diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
-index 7853230..a2b577c 100644
---- a/doc/manual/realmd.conf.xml
-+++ b/doc/manual/realmd.conf.xml
-@@ -192,6 +192,23 @@ automatic-install = no
- 	</listitem>
- 	</varlistentry>
- 
-+	<varlistentry>
-+	<term><option>legacy-samba-config</option></term>
-+	<listitem>
-+		<para>Set this to <parameter>yes</parameter> to create a Samba
-+		configuration file with id-mapping options used by Samba-3.5
-+		and earlier version.</para>
-+
-+		<informalexample>
-+<programlisting language="js">
-+[service]
-+legacy-samba-config = no
-+# legacy-samba-config = yes
-+</programlisting>
-+		</informalexample>
-+	</listitem>
-+	</varlistentry>
-+
- 	</variablelist>
- </refsect1>
- 
-diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
-index c81aed2..76e7b79 100644
---- a/service/realm-samba-enroll.c
-+++ b/service/realm-samba-enroll.c
-@@ -69,7 +69,7 @@ join_closure_free (gpointer data)
- 	g_free (join);
- }
- 
--static gchar *
-+gchar *
- fallback_workgroup (const gchar *realm)
- {
- 	const gchar *pos;
-diff --git a/service/realm-samba-enroll.h b/service/realm-samba-enroll.h
-index 84e8b2f..310ec65 100644
---- a/service/realm-samba-enroll.h
-+++ b/service/realm-samba-enroll.h
-@@ -46,6 +46,9 @@ void               realm_samba_enroll_leave_async          (RealmDisco *disco,
- gboolean           realm_samba_enroll_leave_finish         (GAsyncResult *result,
-                                                             GError **error);
- 
-+gchar *
-+fallback_workgroup (const gchar *realm);
-+
- G_END_DECLS
- 
- #endif /* __REALM_SAMBA_ENROLL_H__ */
-diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
-index a7ddec3..9335e26 100644
---- a/service/realm-samba-winbind.c
-+++ b/service/realm-samba-winbind.c
-@@ -21,8 +21,10 @@
- #include "realm-options.h"
- #include "realm-samba-config.h"
- #include "realm-samba-winbind.h"
-+#include "realm-samba-enroll.h"
- #include "realm-settings.h"
- #include "realm-service.h"
-+#include "dbus/realm-dbus-constants.h"
- 
- #include <glib/gstdio.h>
- 
-@@ -80,6 +82,10 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 	RealmIniConfig *pwc;
- 	GTask *task;
- 	GError *error = NULL;
-+	gchar *workgroup = NULL;
-+	gchar *idmap_config_backend = NULL;
-+	gchar *idmap_config_range = NULL;
-+	gchar *idmap_config_schema_mode = NULL;
- 
- 	g_return_if_fail (config != NULL);
- 	g_return_if_fail (invocation != NULL || G_IS_DBUS_METHOD_INVOCATION (invocation));
-@@ -100,23 +106,54 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 		                      "template shell", realm_settings_string ("users", "default-shell"),
- 		                      NULL);
- 
--		if (realm_options_automatic_mapping (options, domain_name)) {
--			realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
--			                      "idmap uid", "10000-2000000",
--			                      "idmap gid", "10000-2000000",
--			                      "idmap backend", "tdb",
--			                      "idmap schema", NULL,
--			                      NULL);
-+		if (realm_settings_boolean ("service", REALM_DBUS_OPTION_LEGACY_SMB_CONF, FALSE)) {
-+			if (realm_options_automatic_mapping (options, domain_name)) {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap uid", "10000-2000000",
-+						      "idmap gid", "10000-2000000",
-+						      "idmap backend", "tdb",
-+						      "idmap schema", NULL,
-+						      NULL);
-+			} else {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap uid", "500-4294967296",
-+						      "idmap gid", "500-4294967296",
-+						      "idmap backend", "ad",
-+						      "idmap schema", "rfc2307",
-+						      NULL);
-+			}
- 		} else {
--			realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
--			                      "idmap uid", "500-4294967296",
--			                      "idmap gid", "500-4294967296",
--			                      "idmap backend", "ad",
--			                      "idmap schema", "rfc2307",
--			                      NULL);
-+			workgroup = realm_ini_config_get (config, REALM_SAMBA_CONFIG_GLOBAL, "workgroup");
-+			if (workgroup == NULL) {
-+				workgroup = fallback_workgroup (domain_name);
-+			}
-+			idmap_config_backend = g_strdup_printf ("idmap config %s : backend", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			idmap_config_range = g_strdup_printf ("idmap config %s : range", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			idmap_config_schema_mode = g_strdup_printf ("idmap config %s : schema_mode", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			g_free (workgroup);
-+
-+			if (realm_options_automatic_mapping (options, domain_name)) {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap config * : backend", "tdb",
-+						      "idmap config * : range", "10000-999999",
-+						      idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "rid",
-+						      idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "2000000-2999999",
-+						      idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", NULL,
-+						      NULL);
-+			} else {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap config * : backend", "tdb",
-+						      "idmap config * : range", "10000000-10999999",
-+						      idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "ad",
-+						      idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "500-999999",
-+						      idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", "rfc2307",
-+						      NULL);
-+			}
- 		}
- 
- 		realm_ini_config_finish_change (config, &error);
-+		g_free (idmap_config_backend);
-+		g_free (idmap_config_range);
- 	}
- 
- 	/* Setup pam_winbind.conf with decent defaults matching our expectations */
--- 
-2.14.4
-
diff --git a/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch b/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
deleted file mode 100644
index 8b8f633..0000000
--- a/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 402cbab6e8267fcd959bcfa84a47f4871b59944d Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 28 Oct 2016 20:27:48 +0200
-Subject: [PATCH] service: Add nss and pam sssd.conf services after joining
-
-After adding a domain to sssd.conf add the nss and pam services
-to the [sssd] block.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=98479
----
- service/realm-sssd-ad.c     | 3 +++
- service/realm-sssd-config.c | 2 --
- service/realm-sssd-ipa.c    | 3 +++
- tests/test-sssd-config.c    | 4 ++--
- 4 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 5ed384d..5fa81ce 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -160,6 +160,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
-                            gboolean use_adcli,
-                            GError **error)
- {
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	GString *realmd_tags;
- 	const gchar *access_provider;
- 	const gchar *shell;
-@@ -206,6 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	                                    "ldap_sasl_authid", authid,
- 	                                    NULL);
- 
-+	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+
- 	g_free (authid);
- 	g_string_free (realmd_tags, TRUE);
- 
-diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
-index 2096afd..d4398b9 100644
---- a/service/realm-sssd-config.c
-+++ b/service/realm-sssd-config.c
-@@ -154,8 +154,6 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	g_strfreev (already);
- 
- 	/* Setup a default sssd section */
--	if (!realm_ini_config_have (config, "section", "services"))
--		realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
- 	if (!realm_ini_config_have (config, "sssd", "config_file_version"))
- 		realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
- 
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index b12136e..001870d 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -156,6 +156,7 @@ on_ipa_client_do_restart (GObject *source,
-                           GAsyncResult *result,
-                           gpointer user_data)
- {
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	GTask *task = G_TASK (user_data);
- 	EnrollClosure *enroll = g_task_get_task_data (task);
- 	RealmSssd *sssd = g_task_get_source_object (task);
-@@ -207,6 +208,8 @@ on_ipa_client_do_restart (GObject *source,
- 		                                 "realmd_tags", realmd_tags,
- 		                                 NULL);
- 
-+		realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+
- 		g_free (home);
- 	}
- 
-diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
-index 59eab75..892b9d5 100644
---- a/tests/test-sssd-config.c
-+++ b/tests/test-sssd-config.c
-@@ -90,7 +90,7 @@ test_add_domain (Test *test,
-                  gconstpointer unused)
- {
- 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
--	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
-@@ -140,7 +140,7 @@ static void
- test_add_domain_only (Test *test,
-                       gconstpointer unused)
- {
--	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
--- 
-2.9.3
-
diff --git a/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch b/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
deleted file mode 100644
index 6c44727..0000000
--- a/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 9d5b6f5c88df582fb94edcf5cc05a8cfaa63cf6a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
-Date: Tue, 25 Apr 2017 07:20:17 +0200
-Subject: [PATCH] service: Add "pam" and "nss" services in
- realm_sssd_config_add_domain()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-realm_sssd_config_add_domain() must setup the services line in sssd.conf
-otherwise SSSD won't be able to start any of its services.
-
-It's a regression caused by 402cbab which leaves SSSD with no services
-line when joining to an ad client doing "realm join ad.example".
-
-https://bugs.freedesktop.org/show_bug.cgi?id=98479
-
-Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
----
- service/realm-sssd-ad.c     | 3 ++-
- service/realm-sssd-config.c | 2 ++
- service/realm-sssd-ipa.c    | 3 ++-
- tests/test-sssd-config.c    | 4 ++--
- 4 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 5fa81ce..8543ca8 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -207,7 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	                                    "ldap_sasl_authid", authid,
- 	                                    NULL);
- 
--	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+	if (ret)
-+		ret = realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, error);
- 
- 	g_free (authid);
- 	g_string_free (realmd_tags, TRUE);
-diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
-index d4398b9..140d7dc 100644
---- a/service/realm-sssd-config.c
-+++ b/service/realm-sssd-config.c
-@@ -130,6 +130,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	gchar **already;
- 	gboolean ret;
- 	gchar *section;
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	va_list va;
- 	gint i;
- 
-@@ -154,6 +155,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	g_strfreev (already);
- 
- 	/* Setup a default sssd section */
-+	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
- 	if (!realm_ini_config_have (config, "sssd", "config_file_version"))
- 		realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
- 
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index 001870d..ff1dc8a 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -208,7 +208,8 @@ on_ipa_client_do_restart (GObject *source,
- 		                                 "realmd_tags", realmd_tags,
- 		                                 NULL);
- 
--		realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+		if (error == NULL)
-+			realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, &error);
- 
- 		g_free (home);
- 	}
-diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
-index 892b9d5..59eab75 100644
---- a/tests/test-sssd-config.c
-+++ b/tests/test-sssd-config.c
-@@ -90,7 +90,7 @@ test_add_domain (Test *test,
-                  gconstpointer unused)
- {
- 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
--	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
-@@ -140,7 +140,7 @@ static void
- test_add_domain_only (Test *test,
-                       gconstpointer unused)
- {
--	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
--- 
-2.9.3
-
diff --git a/0001-switch-to-authselect.patch b/0001-switch-to-authselect.patch
deleted file mode 100644
index d750d6d..0000000
--- a/0001-switch-to-authselect.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 19 Feb 2018 11:51:06 +0100
-Subject: [PATCH] switch to authselect
-
----
- service/realmd-redhat.conf | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
-index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644
---- a/service/realmd-redhat.conf
-+++ b/service/realmd-redhat.conf
-@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli
- freeipa-client = /usr/sbin/ipa-client-install
- 
- [commands]
--winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
--winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
-+winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-+winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
- winbind-enable-service = /usr/bin/systemctl enable winbind.service
- winbind-disable-service = /usr/bin/systemctl disable winbind.service
- winbind-restart-service = /usr/bin/systemctl restart winbind.service
- winbind-stop-service = /usr/bin/systemctl stop winbind.service
- 
--sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
--sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
-+sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-+sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
- sssd-enable-service = /usr/bin/systemctl enable sssd.service
- sssd-disable-service = /usr/bin/systemctl disable sssd.service
- sssd-restart-service = /usr/bin/systemctl restart sssd.service
--- 
-2.9.3
-
diff --git a/0001-tests-run-tests-with-python3.patch b/0001-tests-run-tests-with-python3.patch
deleted file mode 100644
index 607afa4..0000000
--- a/0001-tests-run-tests-with-python3.patch
+++ /dev/null
@@ -1,374 +0,0 @@
-From c257850912897a07e20f205faecf3c1b692fa9e9 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 4 Jul 2018 16:41:16 +0200
-Subject: [PATCH] tests: run tests with python3
-
-To allow the test to run with python3 build/tap-driver and
-build/tap-gtester are updated to the latest version provided by the
-cockpit project https://github.com/cockpit-project/cockpit.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1595813
----
- build/tap-driver  | 104 +++++++++++++++++++++++++++++++++++++++++++-----------
- build/tap-gtester |  59 ++++++++++++++++++++++---------
- 2 files changed, 125 insertions(+), 38 deletions(-)
-
-diff --git a/build/tap-driver b/build/tap-driver
-index 42f57c8..241fd50 100755
---- a/build/tap-driver
-+++ b/build/tap-driver
-@@ -1,4 +1,5 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
-+# This can also be run with Python 2.
- 
- # Copyright (C) 2013 Red Hat, Inc.
- #
-@@ -29,20 +30,58 @@
- #
- 
- import argparse
-+import fcntl
- import os
- import select
-+import struct
- import subprocess
- import sys
-+import termios
-+import errno
-+
-+_PY3 = sys.version[0] >= '3'
-+_str = _PY3 and str or unicode
-+
-+def out(data, stream=None, flush=False):
-+    if not isinstance(data, bytes):
-+        data = data.encode("UTF-8")
-+    if not stream:
-+        stream = _PY3 and sys.stdout.buffer or sys.stdout
-+    while True:
-+        try:
-+            if data:
-+                stream.write(data)
-+            data = None
-+            if flush:
-+                stream.flush()
-+            flush = False
-+            break
-+        except IOError as e:
-+            if e.errno == errno.EAGAIN:
-+                continue
-+            raise
-+
-+def terminal_width():
-+    try:
-+        h, w, hp, wp = struct.unpack('HHHH',
-+            fcntl.ioctl(1, termios.TIOCGWINSZ,
-+            struct.pack('HHHH', 0, 0, 0, 0)))
-+        return w
-+    except IOError as e:
-+        if e.errno != errno.ENOTTY:
-+            sys.stderr.write("%i %s %s\n" % (e.errno, e.strerror, sys.exc_info()))
-+        return sys.maxsize
- 
- class Driver:
-     def __init__(self, args):
-         self.argv = args.command
-         self.test_name = args.test_name
--        self.log = open(args.log_file, "w")
--        self.log.write("# %s\n" % " ".join(sys.argv))
-+        self.log = open(args.log_file, "wb")
-+        self.log.write(("# %s\n" % " ".join(sys.argv)).encode("UTF-8"))
-         self.trs = open(args.trs_file, "w")
-         self.color_tests = args.color_tests
-         self.expect_failure = args.expect_failure
-+        self.width = terminal_width() - 9
- 
-     def report(self, code, *args):
-         CODES = {
-@@ -57,17 +96,18 @@ class Driver:
-         # Print out to console
-         if self.color_tests:
-             if code in CODES:
--                sys.stdout.write(CODES[code])
--        sys.stdout.write(code)
-+                out(CODES[code])
-+        out(code)
-         if self.color_tests:
--            sys.stdout.write('\x1b[m')
--        sys.stdout.write(": ")
--        sys.stdout.write(self.test_name)
--        sys.stdout.write(" ")
--        for arg in args:
--            sys.stdout.write(str(arg))
--        sys.stdout.write("\n")
--        sys.stdout.flush()
-+            out('\x1b[m')
-+        out(": ")
-+        msg = "".join([ self.test_name + " " ] + list(map(_str, args)))
-+        if code == "PASS" and len(msg) > self.width:
-+            out(msg[:self.width])
-+            out("...")
-+        else:
-+            out(msg)
-+        out("\n", flush=True)
- 
-         # Book keeping
-         if code in CODES:
-@@ -100,12 +140,14 @@ class Driver:
-     def execute(self):
-         try:
-             proc = subprocess.Popen(self.argv, close_fds=True,
-+                                    stdin=subprocess.PIPE,
-                                     stdout=subprocess.PIPE,
-                                     stderr=subprocess.PIPE)
--        except OSError, ex:
-+        except OSError as ex:
-             self.report_error("Couldn't run %s: %s" % (self.argv[0], str(ex)))
-             return
- 
-+        proc.stdin.close()
-         outf = proc.stdout.fileno()
-         errf = proc.stderr.fileno()
-         rset = [outf, errf]
-@@ -113,18 +155,25 @@ class Driver:
-             ret = select.select(rset, [], [], 10)
-             if outf in ret[0]:
-                 data = os.read(outf, 1024)
--                if data == "":
-+                if data == b"":
-                     rset.remove(outf)
-                 self.log.write(data)
-                 self.process(data)
-             if errf in ret[0]:
-                 data = os.read(errf, 1024)
--                if data == "":
-+                if data == b"":
-                     rset.remove(errf)
-                 self.log.write(data)
--                sys.stderr.write(data)
-+                stream = _PY3 and sys.stderr.buffer or sys.stderr
-+                out(data, stream=stream, flush=True)
- 
-         proc.wait()
-+
-+        # Make sure the test didn't change blocking output
-+        assert fcntl.fcntl(0, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+        assert fcntl.fcntl(1, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+        assert fcntl.fcntl(2, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+
-         return proc.returncode
- 
- 
-@@ -137,6 +186,7 @@ class TapDriver(Driver):
-         self.late_plan = False
-         self.errored = False
-         self.bail_out = False
-+        self.skip_all_reason = None
- 
-     def report(self, code, num, *args):
-         if num:
-@@ -170,13 +220,19 @@ class TapDriver(Driver):
-         else:
-             self.result_fail(num, description)
- 
--    def consume_test_plan(self, first, last):
-+    def consume_test_plan(self, line):
-         # Only one test plan is supported
-         if self.test_plan:
-             self.report_error("Get a second TAP test plan")
-             return
- 
-+        if line.lower().startswith('1..0 # skip'):
-+            self.skip_all_reason = line[5:].strip()
-+            self.bail_out = True
-+            return
-+
-         try:
-+            (first, unused, last) = line.partition("..")
-             first = int(first)
-             last = int(last)
-         except ValueError:
-@@ -192,7 +248,7 @@ class TapDriver(Driver):
- 
-     def process(self, output):
-         if output:
--            self.output += output
-+            self.output += output.decode("UTF-8")
-         elif self.output:
-             self.output += "\n"
-         (ready, unused, self.output) = self.output.rpartition("\n")
-@@ -202,8 +258,7 @@ class TapDriver(Driver):
-             elif line.startswith("not ok "):
-                 self.consume_test_line(False, line[7:])
-             elif line and line[0].isdigit() and ".." in line:
--                (first, unused, last) = line.partition("..")
--                self.consume_test_plan(first, last)
-+                self.consume_test_plan(line)
-             elif line.lower().startswith("bail out!"):
-                 self.consume_bail_out(line)
- 
-@@ -213,6 +268,13 @@ class TapDriver(Driver):
-         failed = False
-         skipped = True
- 
-+        if self.skip_all_reason is not None:
-+            self.result_skip("skipping:", self.skip_all_reason)
-+            self.trs.write(":global-test-result: SKIP\n")
-+            self.trs.write(":test-global-result: SKIP\n")
-+            self.trs.write(":recheck: no\n")
-+            return 0
-+
-         # Basic collation of results
-         for (num, code) in self.reported.items():
-             if code == "ERROR":
-diff --git a/build/tap-gtester b/build/tap-gtester
-index 7e667d4..bbda266 100755
---- a/build/tap-gtester
-+++ b/build/tap-gtester
-@@ -1,4 +1,5 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
-+# This can also be run with Python 2.
- 
- # Copyright (C) 2014 Red Hat, Inc.
- #
-@@ -30,9 +31,19 @@
- import argparse
- import os
- import select
-+import signal
- import subprocess
- import sys
- 
-+# Yes, it's dumb, but strsignal is not exposed in python
-+# In addition signal numbers varify heavily from arch to arch
-+def strsignal(sig):
-+    for name in dir(signal):
-+        if name.startswith("SIG") and sig == getattr(signal, name):
-+            return name
-+    return str(sig)
-+
-+
- class NullCompiler:
-     def __init__(self, command):
-         self.command = command
-@@ -76,22 +87,22 @@ class GTestCompiler(NullCompiler):
-            elif cmd == "result":
-                if self.test_name:
-                    if data == "OK":
--                       print "ok %d %s" % (self.test_num, self.test_name)
-+                       print("ok %d %s" % (self.test_num, self.test_name))
-                    if data == "FAIL":
--                       print "not ok %d %s", (self.test_num, self.test_name)
-+                       print("not ok %d %s" % (self.test_num, self.test_name))
-                self.test_name = None
-            elif cmd == "skipping":
-                if "/subprocess" not in data:
--                   print "ok %d # skip -- %s" % (self.test_num, data)
-+                   print("ok %d # skip -- %s" % (self.test_num, data))
-                self.test_name = None
-            elif data:
--               print "# %s: %s" % (cmd, data)
-+               print("# %s: %s" % (cmd, data))
-            else:
--               print "# %s" % cmd
-+               print("# %s" % cmd)
-         elif line.startswith("(MSG: "):
--            print "# %s" % line[6:-1]
-+            print("# %s" % line[6:-1])
-         elif line:
--            print "# %s" % line
-+            print("# %s" % line)
-         sys.stdout.flush()
- 
-     def run(self, proc, output=""):
-@@ -106,22 +117,26 @@ class GTestCompiler(NullCompiler):
-             if line.startswith("/"):
-                 self.test_remaining.append(line.strip())
-         if not self.test_remaining:
--            print "Bail out! No tests found in GTest: %s" % self.command[0]
-+            print("Bail out! No tests found in GTest: %s" % self.command[0])
-             return 0
- 
--        print "1..%d" % len(self.test_remaining)
-+        print("1..%d" % len(self.test_remaining))
- 
-         # First try to run all the tests in a batch
--        proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True,
-+                                stdout=subprocess.PIPE, universal_newlines=True)
-         result = self.process(proc)
-         if result == 0:
-             return 0
- 
-+        if result < 0:
-+            sys.stderr.write("%s terminated with %s\n" % (self.command[0], strsignal(-result)))
-+
-         # Now pick up any stragglers due to failures
-         while True:
-             # Assume that the last test failed
-             if self.test_name:
--                print "not ok %d %s" % (self.test_num, self.test_name)
-+                print("not ok %d %s" % (self.test_num, self.test_name))
-                 self.test_name = None
- 
-             # Run any tests which didn't get run
-@@ -129,7 +144,8 @@ class GTestCompiler(NullCompiler):
-                 break
- 
-             proc = subprocess.Popen(self.command + ["--verbose", "-p", self.test_remaining[0]],
--                                    close_fds=True, stdout=subprocess.PIPE)
-+                                    close_fds=True, stdout=subprocess.PIPE,
-+                                    universal_newlines=True)
-             result = self.process(proc)
- 
-             # The various exit codes and signals we continue for
-@@ -139,24 +155,32 @@ class GTestCompiler(NullCompiler):
-         return result
- 
- def main(argv):
--    parser = argparse.ArgumentParser(description='Automake TAP compiler')
-+    parser = argparse.ArgumentParser(description='Automake TAP compiler',
-+                                     usage="tap-gtester [--format FORMAT] command ...")
-     parser.add_argument('--format', metavar='FORMAT', choices=[ "auto", "gtest", "tap" ],
-                         default="auto", help='The input format to compile')
-     parser.add_argument('--verbose', action='store_true',
-                         default=True, help='Verbose mode (ignored)')
--    parser.add_argument('command', nargs='+', help="A test command to run")
-+    parser.add_argument('command', nargs=argparse.REMAINDER, help="A test command to run")
-     args = parser.parse_args(argv[1:])
- 
-     output = None
-     format = args.format
-     cmd = args.command
-+    if not cmd:
-+        sys.stderr.write("tap-gtester: specify a command to run\n")
-+        return 2
-+    if cmd[0] == '--':
-+        cmd.pop(0)
-+
-     proc = None
- 
-     os.environ['HARNESS_ACTIVE'] = '1'
- 
-     if format in ["auto", "gtest"]:
-         list_cmd = cmd + ["-l", "--verbose"]
--        proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE,
-+                                universal_newlines=True)
-         output = proc.stdout.readline()
-         # Smell whether we're dealing with GTest list output from first line
-         if "random seed" in output or "GTest" in output or output.startswith("/"):
-@@ -164,7 +188,8 @@ def main(argv):
-         else:
-             format = "tap"
-     else:
--        proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE,
-+                                universal_newlines=True)
- 
-     if format == "gtest":
-         compiler = GTestCompiler(cmd)
--- 
-2.14.4
-
diff --git a/0002-Change-qualified-names-default-for-IPA.patch b/0002-Change-qualified-names-default-for-IPA.patch
deleted file mode 100644
index 4ac6c6d..0000000
--- a/0002-Change-qualified-names-default-for-IPA.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 21ab1fdd127d242a9b4e95c3c90dd2bf3159d149 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 14 Aug 2018 16:44:39 +0200
-Subject: [PATCH 2/3] Change qualified names default for IPA
-
-In a FreeIPA domain it is typically expected that the IPA accounts use
-sort names while accounts from trusted domains have fully qualified
-names. This is automatically done by SSSD's IPA provider so there is no
-need to force fully qualified names in the SSSD configuration.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1575538
----
- service/realm-options.c       | 9 +++++----
- service/realm-options.h       | 3 ++-
- service/realm-samba-winbind.c | 2 +-
- service/realm-sssd-ad.c       | 2 +-
- service/realm-sssd-ipa.c      | 2 +-
- 5 files changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/service/realm-options.c b/service/realm-options.c
-index bd804ea..34a209f 100644
---- a/service/realm-options.c
-+++ b/service/realm-options.c
-@@ -98,7 +98,7 @@ realm_options_automatic_mapping (GVariant *options,
- 
- 	if (realm_name && !option) {
- 		section = g_utf8_casefold (realm_name, -1);
--		mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
-+		mapping = realm_settings_boolean (section, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
- 		g_free (section);
- 	}
- 
-@@ -112,20 +112,21 @@ realm_options_automatic_join (const gchar *realm_name)
- 	gboolean mapping;
- 
- 	section = g_utf8_casefold (realm_name, -1);
--	mapping = realm_settings_boolean (realm_name, "automatic-join", FALSE);
-+	mapping = realm_settings_boolean (section, "automatic-join", FALSE);
- 	g_free (section);
- 
- 	return mapping;
- }
- 
- gboolean
--realm_options_qualify_names (const gchar *realm_name)
-+realm_options_qualify_names (const gchar *realm_name,
-+                             gboolean def)
- {
- 	gchar *section;
- 	gboolean qualify;
- 
- 	section = g_utf8_casefold (realm_name, -1);
--	qualify = realm_settings_boolean (realm_name, "fully-qualified-names", TRUE);
-+	qualify = realm_settings_boolean (section, "fully-qualified-names", def);
- 	g_free (section);
- 
- 	return qualify;
-diff --git a/service/realm-options.h b/service/realm-options.h
-index 7a1355e..b71d219 100644
---- a/service/realm-options.h
-+++ b/service/realm-options.h
-@@ -37,7 +37,8 @@ const gchar *  realm_options_user_principal           (GVariant *options,
- gboolean       realm_options_automatic_mapping        (GVariant *options,
- 						       const gchar *realm_name);
- 
--gboolean       realm_options_qualify_names            (const gchar *realm_name);
-+gboolean       realm_options_qualify_names            (const gchar *realm_name,
-+                                                       gboolean def);
- 
- gboolean       realm_options_check_domain_name        (const gchar *domain_name);
- 
-diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
-index 9335e26..61988eb 100644
---- a/service/realm-samba-winbind.c
-+++ b/service/realm-samba-winbind.c
-@@ -102,7 +102,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 		                      "winbind enum groups", "no",
- 		                      "winbind offline logon", "yes",
- 		                      "winbind refresh tickets", "yes",
--		                      "winbind use default domain", realm_options_qualify_names (domain_name )? "no" : "yes",
-+		                      "winbind use default domain", realm_options_qualify_names (domain_name, TRUE )? "no" : "yes",
- 		                      "template shell", realm_settings_string ("users", "default-shell"),
- 		                      NULL);
- 
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 8543ca8..de7ce30 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -172,7 +172,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	gchar *home;
- 
- 	home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
--	qualify = realm_options_qualify_names (disco->domain_name);
-+	qualify = realm_options_qualify_names (disco->domain_name, TRUE);
- 	shell = realm_settings_string ("users", "default-shell");
- 	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
- 	realmd_tags = g_string_new ("");
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index ff1dc8a..5029f6b 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -201,7 +201,7 @@ on_ipa_client_do_restart (GObject *source,
- 
- 		realm_sssd_config_update_domain (config, domain, &error,
- 		                                 "cache_credentials", "True",
--		                                 "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
-+		                                 "use_fully_qualified_names", realm_options_qualify_names (domain, FALSE) ? "True" : "False",
- 		                                 "krb5_store_password_if_offline", "True",
- 		                                 "default_shell", shell,
- 		                                 "fallback_homedir", home,
--- 
-2.17.1
-
diff --git a/0003-discover-try-to-get-domain-name-from-hostname.patch b/0003-discover-try-to-get-domain-name-from-hostname.patch
deleted file mode 100644
index b611d6c..0000000
--- a/0003-discover-try-to-get-domain-name-from-hostname.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 5e28cf702ad338e399f8fff0b3fa18736a297318 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 21 Aug 2018 13:09:20 +0200
-Subject: [PATCH 3/3] discover: try to get domain name from hostname
-
-If there is no domain name returned by DHCP check if the hostname
-contains a domain part and use this to discover a realm.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1619162
----
- service/realm-provider.c | 28 +++++++++++++++++++++++++++-
- 1 file changed, 27 insertions(+), 1 deletion(-)
-
-diff --git a/service/realm-provider.c b/service/realm-provider.c
-index d647c7a..258e8e1 100644
---- a/service/realm-provider.c
-+++ b/service/realm-provider.c
-@@ -28,6 +28,8 @@
- #include <glib/gi18n.h>
- #include <gio/gio.h>
- 
-+#include <errno.h>
-+
- #define TIMEOUT_SECONDS 15
- 
- G_DEFINE_TYPE (RealmProvider, realm_provider, G_TYPE_DBUS_OBJECT_SKELETON);
-@@ -181,6 +183,25 @@ on_discover_complete (GObject *source,
- 	return_discover_result (method, realms, relevance, error);
- }
- 
-+static gchar *
-+get_domain_from_hostname (void)
-+{
-+	gchar hostname[HOST_NAME_MAX + 1];
-+	gchar *dot;
-+
-+	if (gethostname (hostname, sizeof (hostname)) < 0) {
-+		g_warning ("Couldn't get the computer host name: %s", g_strerror (errno));
-+		return NULL;
-+	}
-+
-+	dot = strchr (hostname, '.');
-+	if (dot != NULL) {
-+		return g_strdup (dot + 1);
-+	}
-+
-+	return NULL;
-+}
-+
- static void
- on_discover_default (GObject *source,
-                      GAsyncResult *result,
-@@ -195,6 +216,10 @@ on_discover_default (GObject *source,
- 		g_clear_error (&error);
- 	}
- 
-+	if (method->string == NULL) {
-+		method->string = get_domain_from_hostname ();
-+	}
-+
- 	if (method->string) {
- 		g_strstrip (method->string);
- 		if (g_str_equal (method->string, "")) {
-@@ -210,7 +235,8 @@ on_discover_default (GObject *source,
- 		                         on_discover_complete, method);
- 
- 	} else {
--		realm_diagnostics_info (method->invocation, "No default domain received via DHCP");
-+		realm_diagnostics_info (method->invocation,
-+		                        "No default domain received via DHCP or given by hostname");
- 		return_discover_result (method, NULL, 0, NULL);
- 	}
- }
--- 
-2.17.1
-
diff --git a/realmd.spec b/realmd.spec
index a6fa6ae..8a43d3f 100644
--- a/realmd.spec
+++ b/realmd.spec
@@ -1,26 +1,12 @@
 %define _hardened_build 1
 Name:		realmd
 Version:	0.16.3
-Release:	20
+Release:	21
 Summary:	AD integration detection
 License:	LGPLv2+
 URL:		https://cgit.freedesktop.org/realmd/realmd/
 Source0:	https://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz
 
-Patch1:		0001-LDAP-don-t-close-LDAP-socket-twice.patch
-Patch2:		0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
-Patch3:		0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
-Patch4:		0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
-Patch5:		0001-switch-to-authselect.patch
-Patch6:		0001-Fix-man-page-reference-in-systemd-service-file.patch
-Patch7:		0001-Use-current-idmap-options-for-smb.conf.patch
-Patch8:		0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
-Patch9:		0001-tests-run-tests-with-python3.patch
-Patch10:	0001-Fix-issues-found-by-Coverity.patch
-Patch11:	0002-Change-qualified-names-default-for-IPA.patch
-Patch12:	0003-discover-try-to-get-domain-name-from-hostname.patch
-Patch13:	0001-IPA-do-not-call-sssd-enable-logins.patch
-
 Patch9000:      fix-build-bug-with-distro-of-openeuler.patch
 
 BuildRequires:	gcc automake autoconf intltool pkgconfig gettext-devel glib2-devel >= 2.32.0
@@ -69,6 +55,9 @@ make check
 %{_mandir}/man5/*
 
 %changelog
+* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.16.3-21
+- clean code
+
 * Sun Dec 29 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.16.3-20
 - Modify patch information