[Freeipa-devel] topology plugin - again need for input

[Simo Sorce]

On Wed, 2015-03-18 at 12:18 +0100, Ludwig Krispenz wrote:
> Hi,
> 
> I need your feedback on a problem with implementing the topology plugin: 
> marking an replication agreement, this seems to be a never ending story
> 
> We want o mark an agreement when it is creqated by the plugin or put 
> under control of the plugin by raising the domain level.
> The first idea was to rename the agreement, but this failed because DS 
> does not support MODRDN on the cn=config backend and on second thought 
> using a naming convetion on the rdn of the agreement entry seems to be 
> not the best idea.
> The next approach was to use an attribute in the the agreement itself, 
> and I just used description, which is multivalued and I added a 
> description value "managed agreement ....".
> This works, but didn't get Simo's blessing and we agreed just to add a 
> new objectclass "ipaReplTopoManagedAgreement", which could be used 
> without extenting the core replication schema.
> I think this is the best solution, but unfortunately it fails. 
> replication code is called when an agreement is modified and it accepts 
> only modifications for a defined set of replication agreement attributes 
> - other mods are rejected with UNWILLING_TO_PERORM.
> 
> I think we could enhance DS to accept a wider range of changes to the 
> replication agreement (it already does it for winsync agreements), but 
> this would add a new dependency on a specific DS version where this 
> change is included.
> 
> 
> Do you think this dependency is acceptable (topology plugin is targeted 
> to 4.2) ? or do we need to find another clever solution or use the not 
> so nice "description" way ?

A dependency on a specific version of DS is just fine IMO.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York