[Freeipa-devel] Re: [PATCHES] Migration wrap-up.
Pavel Zůna
pzuna at redhat.com
Wed Dec 2 11:24:39 UTC 2009
Pavel Zůna wrote:
> Okay, I think my migration patches are ready for submission.
>
> What's new?
>
> - No more forced password change after migration, unless the password
> doesn't meet IPA password policy. Expiration time is set correctly (hooray!).
> - Migration mode (adding entries with pre-hashed passwords) can now be
> turned ON/OFF using the ipaMigrationEnabled attribute in ipaConfig entry.
> - New fancy password migration page using HTML form based
> authentication. (CSS and looks in general will probably have to change
> to visually go with the rest of the webUI.)
> - Better error/log messages and some general code clean up.
>
> I didn't change the migration plugin to use IPA commands. Believe me, I
> tried. There's just too much overhead and additional work:
>
> - We need to sanitize data from DS before we feed it to the IPA commands
> and it's not just converting them to unicode.
> - There are attributes our commands do not accept as parameters and
> setattr/addattr doesn't really help that much there. It's going to be
> even worse when custom schemas kick in. Our commands also make some
> assumptions about attributes - like givenName/sn being required etc.
> It's just too hard to do it properly in a generic way.
> - Using IPA commands generates at least 4 times more LDAP requests.
> - The code is also longer.
>
> The migration plugin might still need some work and I'm thinking of ways
> to make it better, more readable and maintainable, but if the other
> patches pass and there are no big problems with it, I say we should push
> it, so that QE can do some testing.
>
> I'm currently writing a wiki page with a step-by-step migration guide, but
> I left it open at the office and I'm sick at home at the moment, so I'm
> going to resume when back. I will also set up a testing environment on
> the blades for DS to IPA migration.
>
> Pavel
Oops, I forgot to change the spec file. Patch attached.
Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-password-migration-page-files-to-the-spec-file.patch
Type: application/mbox
Size: 912 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091202/dd1d8d74/attachment.mbox>