[Freeipa-devel] [PATCH] 298 Add safe updates for objectClasses
Rob Crittenden
rcritten at redhat.com
Thu Aug 30 12:53:29 UTC 2012
Martin Kosek wrote:
> Current objectclass updates in a form of "replace" update instruction
> dependent on exact match of the old object class specification in the
> update instruction and the real value in LDAP. However, this approach is
> very error prone as object class definition can easily differ as for
> example because of unexpected X-ORIGIN value. Such objectclass update
> failures may lead to serious malfunctions later.
>
> Add new update instruction type "replaceoc" with the following format:
> replaceoc:OID:new
> This update instruction will always replace an objectclass with
> specified OID with the new definition.
>
> https://fedorahosted.org/freeipa/ticket/2440
This works ok. Martin and I had a conversation in IRC about it.
This moves from replacing a specific bit of schema with a new one, in
all cases. I wonder if we should be more conservative and know what
we're replacing in advance.
rob
More information about the Freeipa-devel
mailing list