[Freeipa-devel] [PATCH] 0214 Remove 'cn' attribute from idnsRecord and idnsZone objectClasses
Martin Kosek
mkosek at redhat.com
Wed Apr 10 11:58:37 UTC 2013
On 04/10/2013 01:32 PM, Petr Viktorin wrote:
> On 04/10/2013 12:56 PM, Martin Kosek wrote:
>> On 04/10/2013 12:47 PM, Petr Viktorin wrote:
>>> This removes the "cn" attribute from the idnsRecord objectclass.
>>>
>>> For more robust upgrades, any existing cn attributes are removed in preupgrade
>>>
>>> https://fedorahosted.org/freeipa/ticket/3514
>>
>> I am not sure that it is a good idea to silently remove user data on upgrades,
>> User may want to migrate this data elsewhere.
>>
>> Wouldn't it be better to only detect this situation (i.e. some records have CN
>> filled) and report that only as an upgrade warning?
>>
>> Martin
>>
>
> After some discussion, I removed the check completely. Searching through the
> records on each upgrade just to give a warning is overkill (and yum upgrade
> warnings tend to be problematic anyway).
> In case of an exising cn, the upgrade will still work, but IPA won't be able to
> modify the record until the cn is removed (it'll say "attribute "cn" not
> allowed").
> Since the misconfiguration is caused by an admin manually adding a nonsensical
> attribute, this behavior is appropriate.
>
ACK. Pushed to master.
Martin
More information about the Freeipa-devel
mailing list