[Freeipa-devel] [Freeipa-users] Extending Schema, CLI and Web UI for use with Samba 3 (groups!)

Dmitri Pal dpal at redhat.com
Wed Aug 17 15:32:29 UTC 2011 

On 08/16/2011 10:42 PM, Simo Sorce wrote:
> On Tue, 2011-08-16 at 18:52 -0400, Dmitri Pal wrote:
>> On 08/16/2011 06:29 PM, Simo Sorce wrote:
>>> Moved to -devel,
>>>
>>> On Tue, 2011-08-16 at 18:01 -0400, Dmitri Pal wrote:
>>>> On 08/16/2011 05:11 PM, Simo Sorce wrote:
>>>>> On Tue, 2011-08-16 at 16:50 -0400, Dmitri Pal wrote:
>>>>>> Should we open a ticket and have a way to just turn this integration
>>>>>> on?
>>>>>> Something like ipa-server-install install flag --samba-integration.
>>>>>> Then
>>>>>> it will translate into enabling all of the above at the install time
>>>>>> or
>>>>>> after.
>>>>>>
>>>>> It may conflict with the adtrust work if not done right, so I would
>>>>> prefer to do this as part of the 3.0-Trust work.
>>>>>
>>>>> Simo.
>>>>>
>>>> I am not suggesting to do it earlier. Can you please create a ticket to
>>>> track it as a part of the trust effort?
>>> The necessary steps should already be performed by ipa-datrust-install,
>>> do we need an additional option to ipa-server-install ?
>>>
>>> Simo.
>>>
>> No, it should be clear that there is a way to enable samba attributes
>> without actually using/establishing the trusts.
> ipa-adtrust-install does not establish trusts, it merely prepares the
> IPA tree to handle them including setting up a specially configured
> samba. The probelm I see is that if we allow --samba-integration and
> then we stomp over it when doing ipa-adtrust-install people will not be
> really happy ...
>
> Simo.
>
True. It was just an idea. May be not a good one in the context of the
adtrust work.
The only problem with your proposal is that it is not intuitive to
expect ipa-adtrust-install to just set samba configuration. Based on the
name it assumes that you are going to setup trusts later.
May be we should change the name then (sorry once again) to something
like ipa-adinterop-install. Then it would be logical to run such utility
to enable samba schema but not go full nine yards for preparing IPA to
establish trusts.

Just another thought...

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-devel mailing list