[Freeipa-devel] [PATCH] 749-754 webui: new ID views section

Endi Sukma Dewata edewata at redhat.com
Thu Sep 25 14:40:19 UTC 2014


On 9/25/2014 2:25 AM, Alexander Bokovoy wrote:
> On Wed, 24 Sep 2014, Endi Sukma Dewata wrote:
>> 4. If I understand correctly the description field for the User ID
>> Overrides and Group ID Overrides should be optional too because it's
>> also used to optionally override the description attribute of the
>> original entry.

> No, this is the description of the override itself. We don't want to
> override the original description field, if any; we want to provide a
> way to document why this override was done.

In that case the 'description' probably should have been a MUST.

objectClasses: (2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP 
top STRUCTURAL MUST ( ipaAnchorUUID ) MAY ( description ) X-ORIGIN 'IPA 
v4' )

BTW, the LDAP schema in the wiki page is outdated:
http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust

>> 6. Can multiple ID views be applied to the same host? Does the order
>> matter? If so, how would the UI manage the order?

> No. Single ID view per host. The scheme is actually a bit more complex:
> - IPA users: data from the main tree is overridden with data from a
>    host-specific ID view
> - AD users: data from AD is overridden by data from a default trust
>    view, which is then overridden by data from a host-specific ID view

OK, right now if I apply an ID view to a host that already uses another 
ID view, the host will be removed silently from the other ID view. 
Should the operation fail/provide a warning if the host already uses 
another ID view?

>> 7. Related to #6, there probably should be a tab in the Host details
>> page showing which ID views apply to it.

> There is only a single view and yes, it would be good to add a property
> there, linking it to the ID view tab, if possible.

I think that field should be editable as well so you can select the ID 
view from Host details page.

>> 9. This probably requires server support. In the "Apply to hosts"
>> association dialog, if a host is already added it will still appear in
>> the dialog box. As a comparison, a User that has been added into a
>> User Group will not appear in the association dialog anymore.

> Could be trivially filtered out on Web UI side.

It may not be possible if the list of hosts is paged. The UI will not 
get the full list of hosts, so it won't be able to filter out hosts that 
are already added but not currently displayed. I'm not sure how 
important this is, but we did this for some other pages.

Since #4 is not a UI issue, patch #754 is ACKed. Other issues can be 
addressed later.

-- 
Endi S. Dewata
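
The override order described in the reply to item 6, together with the point from item 4 that an override's description documents the override rather than replacing the user's own, as an added example that is not part of the original message or FreeIPA's code. The data model, function names and sample values are hypothetical assumptions.

```python
# Added illustration; the data model and names below are hypothetical,
# not FreeIPA's or SSSD's implementation.

# Attributes of an override entry that describe the override itself and
# must never be copied onto the resolved user (see the reply to item 4).
OVERRIDE_METADATA = {"ipaAnchorUUID", "description"}


def apply_override(entry, override):
    """Return a copy of entry with the override's identity attributes applied."""
    result = dict(entry)
    if override:
        for attr, value in override.items():
            if attr not in OVERRIDE_METADATA:
                result[attr] = value
    return result


def resolve_user(user, source, anchor, host_view, default_trust_view=None):
    """Resolve the attributes a host sees for one user.

    source is "ipa" or "ad"; each view maps an anchor to an override dict.
    host_view is the single ID view applied to the host, or None.
    """
    if source not in ("ipa", "ad"):
        raise ValueError("unknown source: %r" % source)
    resolved = dict(user)
    if source == "ad":
        # AD users: the default trust view is applied first.
        resolved = apply_override(resolved, (default_trust_view or {}).get(anchor))
    # Both kinds of user: the host-specific view is applied last and wins.
    return apply_override(resolved, (host_view or {}).get(anchor))


# Constructed sample data.
AD_USER = {"uid": "jdoe@ad.example", "uidNumber": 1100001,
           "homeDirectory": "/home/ad.example/jdoe", "description": "AD account"}
DEFAULT_TRUST_VIEW = {"anchor-jdoe": {"ipaAnchorUUID": "anchor-jdoe",
                                      "uidNumber": 5001, "loginShell": "/bin/bash"}}
HOST_VIEW = {"anchor-jdoe": {"ipaAnchorUUID": "anchor-jdoe", "uidNumber": 7001,
                             "description": "legacy UID kept for NFS host"}}
```
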



