[Freeipa-devel] First cut of schema doc

Andrew Bartlett abartlet at samba.org
Wed Jul 11 22:55:41 UTC 2007


On Wed, 2007-07-11 at 15:50 -0700, Pete Rowley wrote:
> Andrew Bartlett wrote:
> > On Wed, 2007-07-11 at 15:23 -0700, Pete Rowley wrote:
> >   
> >> Simo Sorce wrote:
> >>     
> >>> On Wed, 2007-07-11 at 14:53 -0700, Pete Rowley wrote:
> >>>   
> >>>       
> >>>> Getting something up to argue over :)
> >>>>
> >>>> http://freeipa.com/page/SchemaV1
> >>>>     
> >>>>         
> >>> Questions and remarks:
> >>> - what is/why dc=com ?
> >>>   
> >>>       
> >> Could be dc=org or whatever that component of the realm name is. The 
> >> important thing is the splitting off of the most significant portion of 
> >> the realm name from the suffix to be part of the DIT (replacing cn=default, 
> >> which we didn't like).
> >>     
> >
> > Doesn't that break referrals to other DIT trees that may hold other
> > parts of the data?  
> >   
> I don't think so, but then I don't think we are going to support such a 
> model.

It just seems ugly and inconsistent to start that far up the domain
tree.  And it seems to invite someone to hard-code dc=com, then be
busted when deployed to dc=au...

> >>
> >> OK, I'll re-word it - it's discovery. Since we have this partitioned off 
> >> into a separate space so that clients can search through only the things 
> >> they are interested in, I thought it would be a good idea to be able to 
> >> discover where that place is.
> >>     
> >
> > Could this be in the rootDSE?
> >   
> That was my first thought too, but I don't think we can modify that. We 
> actually have info you might put into rootDSE placed in the suffix entry.

If we can't modify it, can we at least have the clients search the
published suffixes (we do publish them somehow, don't we?) for
objectClass=ipaRealm?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
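
Added example, not part of the original message and not FreeIPA code: a sketch of the discovery suggested above, where a client reads the suffixes published in the rootDSE `namingContexts` attribute and searches each for `objectClass=ipaRealm` instead of hard-coding a DN such as dc=com. It assumes a connection object whose `search_s` has the shape python-ldap uses; `FakeDirectory`, `SAMPLE` and every DN in them are constructed for illustration.

```python
SCOPE_BASE, SCOPE_SUBTREE = 0, 2  # same values as python-ldap's ldap.SCOPE_*


class RealmDiscoveryError(Exception):
    """Raised when discovery finds no realm entry or more than one."""


def discover_realm_dn(conn):
    """Return the DN of the single ipaRealm entry under the published suffixes.

    conn needs search_s(base, scope, filterstr, attrlist) returning
    [(dn, {attr: [bytes, ...]})], the shape python-ldap uses.
    """
    root = conn.search_s("", SCOPE_BASE, "(objectClass=*)", ["namingContexts"])
    suffixes = [v.decode("utf-8") for _, attrs in root
                for v in attrs.get("namingContexts", [])]
    if not suffixes:
        raise RealmDiscoveryError("rootDSE publishes no namingContexts")
    found = []
    for suffix in suffixes:
        # "1.1" asks for no attributes; only the DN is needed.
        hits = conn.search_s(suffix, SCOPE_SUBTREE, "(objectClass=ipaRealm)", ["1.1"])
        found.extend(dn for dn, _ in hits if dn)  # skip referral rows (dn is None)
    if len(found) != 1:
        # Fail closed: guessing between candidates can bind a client to the wrong tree.
        raise RealmDiscoveryError(f"expected 1 ipaRealm entry, found {len(found)}")
    return found[0]


class FakeDirectory:
    """Constructed in-memory stand-in for a server; not real FreeIPA data."""

    def __init__(self, suffixes, entries):
        self.suffixes, self.entries = suffixes, entries  # entries: {dn: [objectClass]}

    def search_s(self, base, scope, filterstr, attrlist):
        if scope == SCOPE_BASE and base == "":
            return [("", {"namingContexts": [s.encode() for s in self.suffixes]})]
        wanted = filterstr.strip("()").split("=", 1)[1].lower()
        return [(dn, {}) for dn, classes in self.entries.items()
                if (dn.lower() == base.lower() or dn.lower().endswith("," + base.lower()))
                and wanted in (c.lower() for c in classes)]


# Constructed deployment whose suffix ends in dc=au rather than dc=com.
SAMPLE = FakeDirectory(["dc=example,dc=au", "o=netscaperoot"], {
    "dc=example,dc=au": ["domain"],
    "cn=EXAMPLE.AU,dc=example,dc=au": ["ipaRealm"],
    "o=netscaperoot": ["organization"]})
```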