[Freeipa-devel] [PATCH 0325] Add Domain Level feature

[Ludwig Krispenz]

On 05/19/2015 03:36 PM, Martin Kosek wrote:
> On 05/19/2015 03:22 PM, Tomas Babej wrote:
> ...
>>> 3) Domain level is just a single integer and it should be treated as such,
>>> there's no need for an LDAPObject plugin and other unnecessary complexities.
>>> The implemetation could be as simple as (from top of my head, untested):
>> That's right, I also considered this approach, but as far as I know you do not
>> get the permission handling for the global DomainLevel entry otherwise.
>>
>> Ludwig, I changed the path for the global entry to cn=DomainLevel.
> I know this particular DN was added to the design by Simo, but why do we want
> to use CamelCase with LDAP object?
>
> Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
> is the last time we can change it, so I am asking now. Then, we will be stuck
> with this DN forever.
I don't mind using ""cn=Domain Level" ,

but where does the entry live, here you say

cn=Domain Level,cn=ipa,cn=etc,SUFFIX"

and in the design page it is:

cn=DomainLevel,cn=etc,SUFFIX

The current version of the topology plugin is looking for

cn=DomainLevel,cn=ipa,cn=etc,SUFFIX"
but I want to change it to do a search on objectclass=ipaDomainLevelConfig