[Freeipa-devel] [PATCH 0325] Add Domain Level feature
Martin Kosek
mkosek at redhat.com
Tue May 19 13:36:33 UTC 2015
On 05/19/2015 03:22 PM, Tomas Babej wrote:
...
>> 3) Domain level is just a single integer and it should be treated as such,
>> there's no need for an LDAPObject plugin and other unnecessary complexities.
>> The implemetation could be as simple as (from top of my head, untested):
>
> That's right, I also considered this approach, but as far as I know you do not
> get the permission handling for the global DomainLevel entry otherwise.
>
> Ludwig, I changed the path for the global entry to cn=DomainLevel.
I know this particular DN was added to the design by Simo, but why do we want
to use CamelCase with LDAP object?
Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
is the last time we can change it, so I am asking now. Then, we will be stuck
with this DN forever.
More information about the Freeipa-devel
mailing list