[Freeipa-devel] [PATCH, 4.1] 0166 updater: enable uid uniqueness plugin for posixAccount objects

Martin Kosek mkosek at redhat.com
Tue Oct 21 06:32:55 UTC 2014


On 10/20/2014 08:25 PM, Alexander Bokovoy wrote:
> Hi!
> 
> This patch is for ipa-4-1 branch to enable uniqueness plugin for uid
> attribute for entries with objectclass posixAccount.
> 
> We don't have uid uniqueness enforced in FreeIPA < 4.1 yet but for
> posixAccounts it worked due to our design of a flat tree: as uid attribute is
> part of the DN, renaming user entries enforces uniqueness as MODRDN will fail
> if entry with the same uid already exists.
> 
> However, it is not enough for ID views -- we should be able to allow
> ID view overrides for the same uid across multiple views and we should
> be able to protect uid uniqueness more generally too.
> 
> Implementation is done via update plugin that checks for existing uid
> uniqueness plugin and if it is missing, it will be added. If plugin
> exists, its configuration will be updated.
> 
> I haven't added update specific to git master where staging subtree is
> added but I'll do that after FreeIPA 4.1 release as in 4.1 we don't yet
> have the staging subtree. Currently master has broken setup for uid
> uniqueness plugin that doesn't actually work anyway so it will be easier
> to add upgrade over properly configured entry.
> 
> https://fedorahosted.org/freeipa/ticket/4636

Hi Alexander,

Thanks for the patch! However, I am personally not very confident about merging
it right before the 4.1 release. I thought it would be a simple update definition,
while this is a complex upgrade script which needs to be properly tested.

I would rather wait for 4.1.x, especially given it does not block any 4.1 major
feature in any way.

Martin



