[Freeipa-devel] [PATCH 0325] Add Domain Level feature

Tomas Babej tbabej at redhat.com
Tue May 19 14:07:55 UTC 2015



On 05/19/2015 03:59 PM, Martin Kosek wrote:
> On 05/19/2015 03:56 PM, Tomas Babej wrote:
>>
>> On 05/19/2015 03:51 PM, Martin Kosek wrote:
>>> On 05/19/2015 03:49 PM, Ludwig Krispenz wrote:
>>>> On 05/19/2015 03:36 PM, Martin Kosek wrote:
>>>>> On 05/19/2015 03:22 PM, Tomas Babej wrote:
>>>>> ...
>>>>>>> 3) Domain level is just a single integer and it should be treated as such,
>>>>>>> there's no need for an LDAPObject plugin and other unnecessary complexities.
>>>>>>> The implementation could be as simple as (from top of my head, untested):
>>>>>> That's right, I also considered this approach, but as far as I know you do
>>>>>> not get the permission handling for the global DomainLevel entry otherwise.
>>>>>>
>>>>>> Ludwig, I changed the path for the global entry to cn=DomainLevel.
>>>>> I know this particular DN was added to the design by Simo, but why do we want
>>>>> to use CamelCase with LDAP object?
>>>>>
>>>>> Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
>>>>> is the last time we can change it, so I am asking now. Then, we will be stuck
>>>>> with this DN forever.
>>>> I don't mind using "cn=Domain Level",
>>>>
>>>> but where does the entry live, here you say
>>>>
>>>> cn=Domain Level,cn=ipa,cn=etc,SUFFIX
>>>>
>>>> and in the design page it is:
>>>>
>>>> cn=DomainLevel,cn=etc,SUFFIX
>>>>
>>>> The current version of the topology plugin is looking for
>>>>
>>>> cn=DomainLevel,cn=ipa,cn=etc,SUFFIX
>>>> but I want to change it to do a search on objectclass=ipaDomainLevelConfig
>>> I see - we all need to unify the location apparently. I updated the design page
>>> to use "cn=Domain Level,cn=ipa,cn=etc,SUFFIX". Tomas, please send the updated
>>> patch set, it should be an extremely simple change :-)
>> I prefer the ipa parent and the space in the name, so I'm glad we could agree
>> on this without much bikeshedding.
>>
>> Updated patch attached.
>>
>> Tomas
>>
>>
> I still see
>
> +# Create default Domain Level entry if it does not exist
> +dn: cn=DomainLevel,cn=ipa,cn=etc,$SUFFIX
> +default: objectClass: top
> +default: objectClass: nsContainer
> +default: objectClass: ipaDomainLevelConfig
> +default: ipaDomainLevel: 0
>
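Review bot: The dn: line of this hunk still reads cn=DomainLevel,cn=ipa,cn=etc,$SUFFIX, while the thread settled on "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" and the design page was updated to match, so the default entry would be created under the old RDN. Change the line to "dn: cn=Domain Level,cn=ipa,cn=etc,$SUFFIX" and update the comment or any other reference to the old DN in the same patch. Because the location cannot change after release, a consumer that locates the entry by objectclass=ipaDomainLevelConfig instead of a fixed DN, as proposed above for the topology plugin, would be less sensitive to this kind of mismatch.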
> ...

Right, the space eluded me there, thanks for the catch.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0325-4-Add-Domain-Level-feature.patch
Type: text/x-patch
Size: 15083 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150519/d4b5a36e/attachment.bin>