[Freeipa-devel] [PATCH 0325] Add Domain Level feature
Tomas Babej
tbabej at redhat.com
Tue May 19 13:22:19 UTC 2015
On 05/14/2015 11:48 AM, Jan Cholasta wrote:
> Hi,
>
> Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):
>> Hi,
>>
>> this patch implements the domain level feature.
>>
>> https://fedorahosted.org/freeipa/ticket/5018
>>
>> Tomas
>
> 1)
>
> +# Create entry proclaiming Domain Level support of this master
> +# This will update the supported Domain Levels during upgrade
> +dn: cn=Domain Level support,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
> +default: objectClass: top
> +default: objectClass: nsContainer
> +default: objectClass: ipaConfigObject
> +default: objectClass: ipaSupportedDomainLevelConfig
> +only: ipaMinDomainLevel: $MIN_DOMAIN_LEVEL
> +only: ipaMaxDomainLevel: $MAX_DOMAIN_LEVEL
>
> The design states that supported domain levels should be stored
> directly in cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX and I agree with
> that - there is no reason to have this information in a separate entry.
I agree, this is an error on my part - I read the design as stored in
entry under cn=$FQDN,cn=masters, not in the entry itself.
>
>
> 2) I though we agreed to call the command domainlevel-set instead of
> domainlevel-raise:
> <https://www.redhat.com/archives/freeipa-devel/2015-May/msg00101.html>.
Fixed.
>
>
> 3) Domain level is just a single integer and it should be treated as
> such, there's no need for an LDAPObject plugin and other unnecessary
> complexities. The implemetation could be as simple as (from top of my
> head, untested):
That's right, I also considered this approach, but as far as I know you
do not get the permission handling for the global DomainLevel entry
otherwise.
Ludwig, I changed the path for the global entry to cn=DomainLevel.
Updated patch attached.
Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0325-2-Add-Domain-Level-feature.patch
Type: text/x-patch
Size: 15059 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150519/3a0e4bd5/attachment.bin>
More information about the Freeipa-devel
mailing list