[Freeipa-devel] [PATCH] 749-754 webui: new ID views section
Endi Sukma Dewata
edewata at redhat.com
Thu Sep 25 16:43:12 UTC 2014
On 9/25/2014 10:23 AM, Petr Vobornik wrote:
> On 25.9.2014 16:40, Endi Sukma Dewata wrote:
>>>> 4. If I understand correctly the description field for the User ID
>>>> Overrides and Group ID Overrides should be optional too because it's
>>>> also used to optionally override the description attribute of the
>>>> original entry.
>>
>>> No, this is description of the override itself. We don't want to
>>> override original description field, if any, we want to provide a way to
>>> document why this override was done.
>>
>> In that case the 'description' probably should have been a MUST.
>>
>> objectClasses: (2.16.840.1.113730.3.8.12.30 NAME 'ipaOverrideAnchor' SUP
>> top STRUCTURAL MUST ( ipaAnchorUUID ) MAY ( description ) X-ORIGIN 'IPA
>> v4' )
>>
>> BTW, the LDAP schema in the wiki page is outdated:
>> http://www.freeipa.org/page/V4/Migrating_existing_environments_to_Trust
>
> New server version which is being developed by Tomas will not have
> description required.
The above schema is actually from Tomas' patch #247-2. So should the
description be required or not? Regardless, I think the UI, CLI, and the
schema should match.
>>>> 6. Can multiple ID views be applied to the same host? Does the order
>>>> matter? If so, how would the UI manage the order?
>>
>>> No. Single ID view per host. The scheme is actually a bit more complex:
>>> - IPA users: data from main tree is overridden with a data from a
>>> host-specific ID view
>>> - AD users: data from AD is overridden by a data from a default trust
>>> view which is then overridden by a data from a host-specific ID view
>>
>> OK, right now if I apply an ID view to a host that already uses another
>> ID view, the host will be removed silently from the other ID view.
>> Should the operation fail/provide a warning if the host already uses
>> another ID view?
>
> If something then IMHO warning is better.
If it's a warning, maybe we can just add a text in the dialog box saying
that this will automatically un-apply the hosts from other ID views. Or
alternatively, the UI probably can check first, if some of the hosts
selected already have ID views it will prompt a confirmation dialog.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list