[Freeipa-devel] Please review: V4/AD user short names design draft

[Martin Babinsky]

Hello list,

I have put together a draft of design page describing server-side 
implementation of user short name -> fully-qualified name resolution.[1]

In the end I have taken the liberty to change a few aspects of the 
design we have agreed on before and I will be grad if we can discuss 
them further.

Me and Honza have discussed the object that should hold the domain 
resolution order and given the fact that IPA domain can also be a part 
of this list, we have decided that this information is no longer bound 
to trust configuration and should be a part of the global config instead.

Also we have purposefully cut down the API only to a raw manipulation of 
the attribute using an option of `ipa config-mod`. The reasons for this 
are twofold:

   * the developer resources are quite scarce and it may be good to 
follow YAGNI[2] principle to implement the dumbest API now and not to 
invest into more high-level interface unless there is a demand for it

   * we can imagine that the manipulation of the domain resolution order 
is a rare operation (ideally only once all trusts are established), so I 
am not convinced that it is worth investing into designing higher-level API

I propose we first develop the "dumber" parts first to unblock the SSSD 
part. If we have spare cycle afterwards then we can design and implement 
more bells-and-whistles afterwards.

[1] https://www.freeipa.org/page/V4/AD_User_Short_Names
[2] https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it

-- 
Martin^3 Babinsky