[Freeipa-devel] [PATCH 0325] Add Domain Level feature
Martin Kosek
mkosek at redhat.com
Tue May 19 13:59:36 UTC 2015
On 05/19/2015 03:56 PM, Tomas Babej wrote:
>
>
> On 05/19/2015 03:51 PM, Martin Kosek wrote:
>> On 05/19/2015 03:49 PM, Ludwig Krispenz wrote:
>>> On 05/19/2015 03:36 PM, Martin Kosek wrote:
>>>> On 05/19/2015 03:22 PM, Tomas Babej wrote:
>>>> ...
>>>>>> 3) Domain level is just a single integer and it should be treated as such,
>>>>>> there's no need for an LDAPObject plugin and other unnecessary complexities.
>>>>>> The implemetation could be as simple as (from top of my head, untested):
>>>>> That's right, I also considered this approach, but as far as I know you do
>>>>> not
>>>>> get the permission handling for the global DomainLevel entry otherwise.
>>>>>
>>>>> Ludwig, I changed the path for the global entry to cn=DomainLevel.
>>>> I know this particular DN was added to the design by Simo, but why do we want
>>>> to use CamelCase with LDAP object?
>>>>
>>>> Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
>>>> is the last time we can change it, so I am asking now. Then, we will be stuck
>>>> with this DN forever.
>>> I don't mind using ""cn=Domain Level" ,
>>>
>>> but where does the entry live, here you say
>>>
>>> cn=Domain Level,cn=ipa,cn=etc,SUFFIX"
>>>
>>> and in the design page it is:
>>>
>>> cn=DomainLevel,cn=etc,SUFFIX
>>>
>>> The current version of the topology plugin is looking for
>>>
>>> cn=DomainLevel,cn=ipa,cn=etc,SUFFIX"
>>> but I want to change it to do a search on objectclass=ipaDomainLevelConfig
>> I see - we all need to unify the location apparently. I updated the design page
>> to use "cn=Domain Level,cn=ipa,cn=etc,SUFFIX". Tomas, please send the updated
>> patch set, it should be an extremely simple change :-)
>
> I prefer the ipa parent and the space in the name, so I'm glad we could agree
> on this without much bikeshedding.
>
> Updated patch attaced.
>
> Tomas
>
>
I still see
+# Create default Domain Level entry if it does not exist
+dn: cn=DomainLevel,cn=ipa,cn=etc,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: objectClass: ipaDomainLevelConfig
+default: ipaDomainLevel: 0
...
More information about the Freeipa-devel
mailing list