[Freeipa-devel] [PATCH] #1728 New schema for IPAv3 required attributes
Simo Sorce
simo at redhat.com
Tue Sep 20 12:47:58 UTC 2011
On Tue, 2011-09-20 at 12:36 +0200, Sumit Bose wrote:
> On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
> > Attached find a patch for new attributes and objectclasses for the IPA
> > v3 goal of configuring trust relationships between freeipa and windows
> > domains.
>
> I think everything is ok, I just started to wonder if it is maybe safer
> to always have a fallback primary group by making
> ipaNTFallbackPrimaryGroup a MUST attrbute?
I thought about that and although we are probably always going to try to
set it I did not want to force it.
Some people may decide to remove the ipausers group or rename it or
something and I do not want to find ourselves in a situation where
ipa-adtrust-install can't proceed because it doesn't find a suitable
group.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list