[Freeipa-devel] [PATCH] move replication topology to shared tree

[Ludwig Krispenz]

Hello,

this is the current status of my work on #4302, and there are a few 
pieces still missing, eg the management command needs more input 
checking and error handling, but
- I wanted to give people interested a chance to have a look again and  
get feedback
- there came up the following questions I would like to get an opinion.

when thinking how to move from an existing deployment with direct 
management of replication agreement to the new way, there should not be 
any intermediate disconnects, and if possible transition should be made 
easy. So I think we should have defined a few modes of operation for the 
plugin:
- initial/bootstrap [optional] - the plugin detects existing agreements 
and transforms it to segments in the shared tree
- pending - the plugin handles and propagates segments in the shared 
tree, but does not enforce teh deletion or creation of replication 
agreements
- active - directe management of replicatio agreements is rejected, 
existing segments ond their modifications are applied

I did run my tests of the management command as directory manager since 
admin did not have permissions to read plugin configuration in 
cn=config, I can add permissions, probably will also need permissions 
for the part in the shared tree, so what is the expected operation mode, 
which user needs access to the shared config data and configuration ?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-lkrispen-0003-move-replication-topology-to-shared-tree.patch
Type: text/x-patch
Size: 98269 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141010/d1cc9648/attachment.bin>