[Freeipa-devel] [RFC] Migrating existing environments to Trust - v4
Sumit Bose
sbose at redhat.com
Thu Aug 28 07:32:23 UTC 2014
Hi,
there is another update for the user views design
http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust
(diff can be found at
http://www.freeipa.org/index.php?title=V4%2FMigrating_existing_environments_to_Trust&diff=9641&oldid=8696
)
The main change is that the view is not applied as early as possible on
the IPA server, but as late as possible by view aware SSSD clients.
There is no change for legacy systems, they still have to use the compat
tree.
There are a couple of reasons for this change:
- it reduces to load on the server
- clients will know the original data (default view) and so it will be
easier for them to apply policies like e.g. sudo or HBAC rules which
are assigned to the original object
- although we concentrate on AD users in this first step which the new
scheme adding support for IPA users will be much easier.
As usual comments and suggestions are welcome.
bye,
Sumit
More information about the Freeipa-devel
mailing list