[Freeipa-devel] [PATCH] 749-754 webui: new ID views section

Petr Vobornik pvoborni at redhat.com
Thu Sep 25 15:23:36 UTC 2014


Note: I'll also send a response to the previous mail.

On 25.9.2014 16:40, Endi Sukma Dewata wrote:
> On 9/25/2014 2:25 AM, Alexander Bokovoy wrote:
>> On Wed, 24 Sep 2014, Endi Sukma Dewata wrote:
>>> 4. If I understand correctly the description field for the User ID
>>> Overrides and Group ID Overrides should be optional too because it's
>>> also used to optionally override the description attribute of the
>>> original entry.
>
>> No, this is description of the override itself. We don't want to
>> override original description field, if any, we want to provide a way to
>> document why this override was done.
>
> In that case the 'description' probably should have been a MUST.
>
> objectClasses: (2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP
> top STRUCTURAL MUST ( ipaAnchorUUID ) MAY ( description ) X-ORIGIN 'IPA
> v4' )
>
> BTW, the LDAP schema in the wiki page is outdated:
> http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust

The new server version, which is being developed by Tomas, will not have
description required.

>
>>> 6. Can multiple ID views be applied to the same host? Does the order
>>> matter? If so, how would the UI manage the order?
>
>> No. Single ID view per host. The scheme is actually a bit more complex:
> - IPA users: data from main tree is overridden with data from a
>    host-specific ID view
> - AD users: data from AD is overridden by data from a default trust
>    view which is then overridden by data from a host-specific ID view
>
> OK, right now if I apply an ID view to a host that already uses another
> ID view, the host will be removed silently from the other ID view.
> Should the operation fail/provide a warning if the host already uses
> another ID view?

If anything, then IMHO a warning is better.

>
>>> 7. Related to #6, there probably should be a tab in the Host details
>>> page showing which ID views apply to it.
>
>> There is only a single view and yes, it would be good to add a property
>> there, linking it to the ID view tab, if possible.
>
> I think that field should be editable as well so you can select the ID
> view from Host details page.

I'll add a read-only field for now. Editable is a bigger task which we don't
have time for atm, but it should be done in later versions.

>
>>> 9. This probably requires server support. In the "Apply to hosts"
>>> association dialog, if a host is already added it will still appear in
>>> the dialog box. As a comparison, a User that has been added into a
>>> User Group will not appear in the association dialog anymore.
>
>> Could be trivially filtered out on Web UI side.
>
> It may not be possible if the list of hosts is paged. The UI will not
> get the full list of hosts, so it won't be able to filter out hosts that
> are already added but not currently displayed. I'm not sure how
> important this is, but we did this for some other pages.

The UI gets all hosts the view is applied to, so it can be filtered.

>
> Since #4 is not a UI issue, patch #754 is ACKed. Other issues can be
> addressed later.
>
OK, I will address (am addressing) the other issues separately so this patch
doesn't have to be reviewed multiple times.


-- 
Petr Vobornik
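
The layering described in the thread (IPA users: main tree, then the host's ID view; AD users: AD data, then the default trust view, then the host's ID view), the single-view-per-host rule with a warning on reassignment, and the override's own description, as an added Python example that is not FreeIPA code and not part of the original mail. The class, view names, anchors and attribute values are constructed assumptions.

```python
# Added illustration of the thread's override layering; not FreeIPA code.
# View names, anchors and attribute values below are constructed.
DEFAULT_TRUST_VIEW = "default-trust-view"  # hypothetical name


class IDViewStore:
    def __init__(self):
        self.overrides = {}  # view -> {anchor -> {"attrs": ..., "description": ...}}
        self.host_view = {}  # host -> exactly one view name

    def add_override(self, view, anchor, attrs, description=None):
        # description documents why the override exists; it is never merged.
        self.overrides.setdefault(view, {})[anchor] = {
            "attrs": dict(attrs), "description": description}

    def apply_view(self, view, host):
        """Assign the host's single view; warn instead of replacing silently."""
        previous = self.host_view.get(host)
        self.host_view[host] = view
        if previous is not None and previous != view:
            return f"{host}: ID view '{previous}' replaced by '{view}'"
        return None

    def resolve(self, user, host):
        """Effective attributes of user as seen on host."""
        layers = [DEFAULT_TRUST_VIEW] if user["source"] == "AD" else []
        if host in self.host_view:
            layers.append(self.host_view[host])  # host-specific view wins
        effective = dict(user["attrs"])
        for view in layers:
            override = self.overrides.get(view, {}).get(user["anchor"])
            if override:
                effective.update(override["attrs"])
        return effective


def demo():
    store = IDViewStore()
    ad_user = {"source": "AD", "anchor": "ad-user-1", "attrs": {
        "uid": "jdoe@ad.example.test", "uidNumber": 770001,
        "description": "AD account"}}
    store.add_override(DEFAULT_TRUST_VIEW, "ad-user-1",
                       {"uidNumber": 5001, "homeDirectory": "/home/jdoe"},
                       description="align UID with legacy systems")
    store.add_override("legacy-hosts", "ad-user-1",
                       {"homeDirectory": "/export/jdoe"},
                       description="old NFS layout")
    store.apply_view("legacy-hosts", "host1.example.test")
    return store, ad_user
```

The same account resolves to different POSIX attributes on different hosts, so access reviews need to evaluate the effective entry per host rather than the directory entry alone.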



