[Freeipa-devel] [PATCH 0325] Add Domain Level feature

Jan Cholasta jcholast at redhat.com
Thu May 14 09:48:28 UTC 2015 

Hi,

Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):
> Hi,
>
> this patch implements the domain level feature.
>
> https://fedorahosted.org/freeipa/ticket/5018
>
> Tomas

1)

+# Create entry proclaiming Domain Level support of this master
+# This will update the supported Domain Levels during upgrade
+dn: cn=Domain Level support,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: objectClass: ipaConfigObject
+default: objectClass: ipaSupportedDomainLevelConfig
+only: ipaMinDomainLevel: $MIN_DOMAIN_LEVEL
+only: ipaMaxDomainLevel: $MAX_DOMAIN_LEVEL

The design states that supported domain levels should be stored directly 
in cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX and I agree with that - 
there is no reason to have this information in a separate entry.


2) I though we agreed to call the command domainlevel-set instead of 
domainlevel-raise: 
<https://www.redhat.com/archives/freeipa-devel/2015-May/msg00101.html>.


3) Domain level is just a single integer and it should be treated as 
such, there's no need for an LDAPObject plugin and other unnecessary 
complexities. The implemetation could be as simple as (from top of my 
head, untested):

     domainlevel_output = (
         output.Output('result', int)
     )

     @register()
     class domainlevel-get(Command):
         has_output = domainlevel_output

         def execute(self, *args, **options):
             ldap = self.api.Backend.ldap2

             dn = ...
             entry = ldap.get_entry(dn, ['ipaDomainLevel'])

             return {'result': entry.single_value['ipaDomainLevel']}

     @register()
     class domainlevel-set(Command):
         has_output = domainlevel_output

         takes_args = (
             Int('value'),
         )

         def execute(self, *args, **options):
             ldap = self.api.Backend.ldap2

             value = args[0]
             ... validate value ...

             dn = ...
             entry = ldap.get_entry(dn, ['ipaDomainLevel'])
             entry.single_value['ipaDomainLevel'] = value
             ldap.update_entry(entry)

             return {'result': value}


Honza

-- 
Jan Cholasta

More information about the Freeipa-devel mailing list