[Freeipa-devel] topology plugin - again need for input
Simo Sorce
simo at redhat.com
Wed Mar 18 13:28:25 UTC 2015
On Wed, 2015-03-18 at 12:18 +0100, Ludwig Krispenz wrote:
> Hi,
>
> I need your feedback on a problem with implementing the topology plugin:
> marking an replication agreement, this seems to be a never ending story
>
> We want o mark an agreement when it is creqated by the plugin or put
> under control of the plugin by raising the domain level.
> The first idea was to rename the agreement, but this failed because DS
> does not support MODRDN on the cn=config backend and on second thought
> using a naming convetion on the rdn of the agreement entry seems to be
> not the best idea.
> The next approach was to use an attribute in the the agreement itself,
> and I just used description, which is multivalued and I added a
> description value "managed agreement ....".
> This works, but didn't get Simo's blessing and we agreed just to add a
> new objectclass "ipaReplTopoManagedAgreement", which could be used
> without extenting the core replication schema.
> I think this is the best solution, but unfortunately it fails.
> replication code is called when an agreement is modified and it accepts
> only modifications for a defined set of replication agreement attributes
> - other mods are rejected with UNWILLING_TO_PERORM.
>
> I think we could enhance DS to accept a wider range of changes to the
> replication agreement (it already does it for winsync agreements), but
> this would add a new dependency on a specific DS version where this
> change is included.
>
>
> Do you think this dependency is acceptable (topology plugin is targeted
> to 4.2) ? or do we need to find another clever solution or use the not
> so nice "description" way ?
A dependency on a specific version of DS is just fine IMO.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list