[Freeipa-devel] [PATCH] 28 Move Managed Entries into their own container

Tue May 24 16:26:03 UTC 2011

On May 24, 2011, at 8:17 AM, Rob Crittenden wrote:

> JR Aquino wrote:
>> On May 23, 2011, at 2:42 PM, "Rob Crittenden"<rcritten at redhat.com>  wrote:
>> 
>>> JR Aquino wrote:
>>>> On May 19, 2011, at 6:16 AM, Rob Crittenden wrote:
>>>> 
>>>>> JR Aquino wrote:
>>>>>> On May 18, 2011, at 2:52 PM, Rob Crittenden wrote:
>>>>>> 
>>>>>>> JR Aquino wrote:
>>>>>>>> On May 18, 2011, at 12:46 PM, JR Aquino wrote:
>>>>>>>> 
>>>>>>>>> This effects Ticket 1222 and Rob's patch 786
>>>>>>>> 
>>>>>>>> Per IRC Conversation with Simo and Rob, take the path of least change.
>>>>>>>> 
>>>>>>>> The patch has been modified to correct the CN to match the DN rather than changing both.
>>>>>>> 
>>>>>>> This looks good. I'm going to wait to push it at the same time as 786.
>>>>>> 
>>>>>> Simo mentioned that I need to create the .update in the patch so that we remove the previous typo laden entry during updates.
>>>>> 
>>>>> I added that to my patch.
>>>>> 
>>>>> rob
>>>> 
>>>> NACK both 28 and 786.
>>>> 
>>>> Please see attached, and have a look at this new patch and ticket 1182 for a better understanding of the impact they have on these patches.
>>>> 
>>>> Move Managed Entries into their own container in the
>>>>  replicated space. Create: cn=Managed Entries,cn=etc,$SUFFIX
>>>>  Create: cn=Definitions,cn=Managed Entries,cn=etc,$SUFFIX
>>>>  Create: cn=Templates,cn=Managed Entries,cn=etc,$SUFFIX
>>>> 
>>>> Create method for migrating any and all custom Managed Entries from
>>>> the cn=config space into the new container.
>>>> 
>>>> The Managed Entries plugin configurations weren't being created on
>>>> replica installs.
>>>> 
>>>> This patch addresses two seperate tickets and accounts for
>>>> new installs, replica installs, and upgrades.
>>>> 
>>>> https://fedorahosted.org/freeipa/ticket/1181 - Managed Entry Tool / New Container
>>>> https://fedorahosted.org/freeipa/ticket/1222 - Add Managed Entries during Replica installation
>>>> 
>>> 
>>> Well, I like this in spirit but this requires a yet-unreleased version of 389-ds, right?
>>> 
>>> Should we take the intermediate step of your previous 28 patch and my 786 and then address moving entries once 389-ds is released?
>>> 
>> 
>> Hrm. You have a good point...
>> 
>> Should I plan on deleting the .update files for user private groups and nis/host groups in the separate patch that institutes the container move?
> 
> Not sure I follow.

Let me try to be more clear.

> What I'd like to do is take an incremental approach.

Yes I agree.

> Lets get managed entries working at all on replicas first, then deal with moving the configuration once this functionality is widely available.

My new method performs an ldap lookup to query the contents of the legacy configuration objects, and actually moves them to the new locations which are replica friendly.

Thus, I was suggesting, yes, let us move forward with baby steps, fix the cn naming oversight, fix the replica install oversight with the .update files.

Then once ns-slapd 1.2.9 is available, implement the newer patch, which makes the .update files for host/nis and user private groups obsolete. (Since it will read the data, and any additional custom user created configs, and move them)
That's what I had meant about having the future patch provide an updated method for handling the 'upgrade' and migration and remove those .update files as they would no longer be relevant.

-JR