[Freeipa-devel] Please review: V4/AD user short names design draft
Jan Cholasta
jcholast at redhat.com
Wed Mar 8 06:37:40 UTC 2017
On 7.3.2017 15:14, Simo Sorce wrote:
> On Tue, 2017-03-07 at 09:38 +0100, Martin Babinsky wrote:
>> On 03/06/2017 01:48 PM, Simo Sorce wrote:
>>> On Mon, 2017-03-06 at 07:47 +0100, Martin Babinsky wrote:
>>>> On 03/02/2017 02:54 PM, Simo Sorce wrote:
>>>>> On Thu, 2017-03-02 at 08:10 +0100, Martin Babinsky wrote:
>>>>>> In this case it would probably be a good idea to think about "forward
>>>>>> compatibility" and define a new AUX objectclass bringing in
>>>>>> 'ipaDomainResolutionOrder' instead of extending two separate
>>>>>> objectclasses. In this way we may the just extend whathever object we
>>>>>> desire to carry the override in an easy and clean way.
>>>>>
>>>>> I agree.
>>>>> Simo.
>>>>>
>>>>
>>>> Now the most difficult question remains... How to name this objectclass.
>>>> I personally am out of ideas but will try my best to come up with
>>>> something meaningful.
>>>
>>> Try to describe what the option ultimately does with as few words as
>>> possible.
>>>
>>> Simo.
>>>
>>>
>>
>> I was thinking about this and since we are performing name qualification
>> (short-name -> fully-qualified name incl. domain/realm part), I would
>> like to propose the following naming schema:
>>
>> objectlasses: ( OID_TBD NAME ipaNameQualificationData Desc 'data used
>> for short name qualification data' SUP top AUXILIARY MAY
>> (ipaNameQualificationDomainList) X-ORIGIN 'IPA 4.5' )
>>
>> attributeTypes: ( OID_TBD NAME 'ipaNameQualificationDomainList' DESC
>> 'List of domains used to qualify user short name' EQUALITY
>> caseIgnoreIA5Match SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>> X-ORIGIN 'IPA v4.5' )
>>
>> Let me know if you are ok with this or am I overengineering the names?
>>
>> I would like to solve this quickly so that I can finish the design and
>> start implementation.
>
> I was thinking that we can use acronyms here to make it less of a
> mouthful and also more easily recognizable:
> My idea is:
> - ipaNameQualificationData -> ipaFQDNPolicies
> - ipaNameQualificationDomainList -> ipaFQDNCheckOrder
TBH I liked ipaDomainResolutionOrder the best, both
ipaNameQualificationDomainList and ipaFQDNCheckOrder sound
overengineered to me :-)
If ipaDomainResolutionOrder is not good enough, we could draw some
inspiration from resolv.conf and use e.g. ipaDomainSearchList.
--
Jan Cholasta
More information about the Freeipa-devel
mailing list