[Freeipa-devel] [PATCH 0325] Add Domain Level feature

Tomas Babej tbabej at redhat.com
Thu May 21 16:18:58 UTC 2015 


On 05/19/2015 04:07 PM, Tomas Babej wrote:
>
>
> On 05/19/2015 03:59 PM, Martin Kosek wrote:
>> On 05/19/2015 03:56 PM, Tomas Babej wrote:
>>>
>>> On 05/19/2015 03:51 PM, Martin Kosek wrote:
>>>> On 05/19/2015 03:49 PM, Ludwig Krispenz wrote:
>>>>> On 05/19/2015 03:36 PM, Martin Kosek wrote:
>>>>>> On 05/19/2015 03:22 PM, Tomas Babej wrote:
>>>>>> ...
>>>>>>>> 3) Domain level is just a single integer and it should be 
>>>>>>>> treated as such,
>>>>>>>> there's no need for an LDAPObject plugin and other unnecessary 
>>>>>>>> complexities.
>>>>>>>> The implemetation could be as simple as (from top of my head, 
>>>>>>>> untested):
>>>>>>> That's right, I also considered this approach, but as far as I 
>>>>>>> know you do
>>>>>>> not
>>>>>>> get the permission handling for the global DomainLevel entry 
>>>>>>> otherwise.
>>>>>>>
>>>>>>> Ludwig, I changed the path for the global entry to cn=DomainLevel.
>>>>>> I know this particular DN was added to the design by Simo, but 
>>>>>> why do we want
>>>>>> to use CamelCase with LDAP object?
>>>>>>
>>>>>> Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place 
>>>>>> for it? This
>>>>>> is the last time we can change it, so I am asking now. Then, we 
>>>>>> will be stuck
>>>>>> with this DN forever.
>>>>> I don't mind using ""cn=Domain Level" ,
>>>>>
>>>>> but where does the entry live, here you say
>>>>>
>>>>> cn=Domain Level,cn=ipa,cn=etc,SUFFIX"
>>>>>
>>>>> and in the design page it is:
>>>>>
>>>>> cn=DomainLevel,cn=etc,SUFFIX
>>>>>
>>>>> The current version of the topology plugin is looking for
>>>>>
>>>>> cn=DomainLevel,cn=ipa,cn=etc,SUFFIX"
>>>>> but I want to change it to do a search on 
>>>>> objectclass=ipaDomainLevelConfig
>>>> I see - we all need to unify the location apparently. I updated the 
>>>> design page
>>>> to use "cn=Domain Level,cn=ipa,cn=etc,SUFFIX". Tomas, please send 
>>>> the updated
>>>> patch set, it should be an extremely simple change :-)
>>> I prefer the ipa parent and the space in the name, so I'm glad we 
>>> could agree
>>> on this without much bikeshedding.
>>>
>>> Updated patch attaced.
>>>
>>> Tomas
>>>
>>>
>> I still see
>>
>> +# Create default Domain Level entry if it does not exist
>> +dn: cn=DomainLevel,cn=ipa,cn=etc,$SUFFIX
>> +default: objectClass: top
>> +default: objectClass: nsContainer
>> +default: objectClass: ipaDomainLevelConfig
>> +default: ipaDomainLevel: 0
>>
>> ...
>
> Right, the space eluded me there, thanks for the catch.
>
> Tomas

A new iteration of the patch, including the server-side checks for the 
installers.

Tomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-tbabej-0325-5-Add-Domain-Level-feature.patch
Type: text/x-patch
Size: 21146 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150521/1ca4d294/attachment.bin>

More information about the Freeipa-devel mailing list