[Freeipa-devel] topology plugin - again need for input

[Ludwig Krispenz]

Hi,

I need your feedback on a problem with implementing the topology plugin: 
marking an replication agreement, this seems to be a never ending story

We want o mark an agreement when it is creqated by the plugin or put 
under control of the plugin by raising the domain level.
The first idea was to rename the agreement, but this failed because DS 
does not support MODRDN on the cn=config backend and on second thought 
using a naming convetion on the rdn of the agreement entry seems to be 
not the best idea.
The next approach was to use an attribute in the the agreement itself, 
and I just used description, which is multivalued and I added a 
description value "managed agreement ....".
This works, but didn't get Simo's blessing and we agreed just to add a 
new objectclass "ipaReplTopoManagedAgreement", which could be used 
without extenting the core replication schema.
I think this is the best solution, but unfortunately it fails. 
replication code is called when an agreement is modified and it accepts 
only modifications for a defined set of replication agreement attributes 
- other mods are rejected with UNWILLING_TO_PERORM.

I think we could enhance DS to accept a wider range of changes to the 
replication agreement (it already does it for winsync agreements), but 
this would add a new dependency on a specific DS version where this 
change is included.


Do you think this dependency is acceptable (topology plugin is targeted 
to 4.2) ? or do we need to find another clever solution or use the not 
so nice "description" way ?

Thanks,
Ludwig