[Freeipa-devel] [PATCH 0325] Add Domain Level feature

Ludwig Krispenz lkrispen at redhat.com
Fri May 15 07:22:47 UTC 2015 

On 05/14/2015 11:48 AM, Jan Cholasta wrote:
> Hi,
>
> Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):
>> Hi,
>>
>> this patch implements the domain level feature.
>>
>> https://fedorahosted.org/freeipa/ticket/5018
>>
>> Tomas
>
> 1)
>
> +# Create entry proclaiming Domain Level support of this master
> +# This will update the supported Domain Levels during upgrade
> +dn: cn=Domain Level support,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
> +default: objectClass: top
> +default: objectClass: nsContainer
> +default: objectClass: ipaConfigObject
> +default: objectClass: ipaSupportedDomainLevelConfig
> +only: ipaMinDomainLevel: $MIN_DOMAIN_LEVEL
> +only: ipaMaxDomainLevel: $MAX_DOMAIN_LEVEL
>
> The design states that supported domain levels should be stored 
> directly in cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX and I agree with 
> that - there is no reason to have this information in a separate entry.
yes, the design states that the domainlevel supported by a server should 
be stored in the cn=fqdn entry,

but this is only informational, saying what level a server could handle  
and the selected level used has to be set and stored and the design doc 
says this has to be in:

"Selected Domain level shall be stored in cn=DomainLevel,cn=etc,SUFFIX"

Tomas,
I don't see the handling of the global doamin level entry

Ludwig
>
>
> 2) I though we agreed to call the command domainlevel-set instead of 
> domainlevel-raise: 
> <https://www.redhat.com/archives/freeipa-devel/2015-May/msg00101.html>.
>
>
> 3) Domain level is just a single integer and it should be treated as 
> such, there's no need for an LDAPObject plugin and other unnecessary 
> complexities. The implemetation could be as simple as (from top of my 
> head, untested):
>
>     domainlevel_output = (
>         output.Output('result', int)
>     )
>
>     @register()
>     class domainlevel-get(Command):
>         has_output = domainlevel_output
>
>         def execute(self, *args, **options):
>             ldap = self.api.Backend.ldap2
>
>             dn = ...
>             entry = ldap.get_entry(dn, ['ipaDomainLevel'])
>
>             return {'result': entry.single_value['ipaDomainLevel']}
>
>     @register()
>     class domainlevel-set(Command):
>         has_output = domainlevel_output
>
>         takes_args = (
>             Int('value'),
>         )
>
>         def execute(self, *args, **options):
>             ldap = self.api.Backend.ldap2
>
>             value = args[0]
>             ... validate value ...
>
>             dn = ...
>             entry = ldap.get_entry(dn, ['ipaDomainLevel'])
>             entry.single_value['ipaDomainLevel'] = value
>             ldap.update_entry(entry)
>
>             return {'result': value}
>
>
> Honza
>

More information about the Freeipa-devel mailing list