On Mon, Aug 13, 2012 at 07:41:01PM -0500, Endi Sukma Dewata wrote:
> On 8/6/2012 2:08 AM, Petr Vobornik wrote:
> >Range web UI was implemented.
> >
> >It consist of:
> >   * new menu item - 'ranges' in 'IPA Server' tab
> >   * new search page
> >   * new details page
> >
> >https://fedorahosted.org/freeipa/ticket/2894
> >
> >
> >Some comments/questions:
> >1) I'm not sure about options in adder dialog. Should they all be there
> >or should I remove some? And also labels seems to long.
> Depending on the range type each of these options might be required,
> so it's necessary to show them all in the adder dialog, but they can
> be enabled/disabled (see #4). The labels probably can be shortened
> to mimic the CLI parameters, and the current labels can be moved
> into the doc attributes. So it may look something like this (feel
> free to change):
>   Add ID Range
>   ------------------------------------------------------
>   Range name:         [              ]
>   Range type:         (*) Local domain
>                       ( ) Active Directory domain
>   Base ID:            [              ]
>   Range size:         [              ]
>   Primary RID base:   [              ]
>   Secondary RID base: [              ]
>   Domain SID:         [              ]

I agree, all options should be display and depending on the Range type
either Secondary RID base or Domain SID should be greyed out.

> >2) FreeIPA creates default range. This range doesn't have required
> >attribute 'First RID of the corresponding RID range'. It prevents from
> >editing the range in Web UI until a some value is set. Not sure if even
> >should be edited though.
> Someone else more knowledgeable should answer this. One possibility
> is to introduce another range type (e.g. POSIX) that doesn't use
> RID.

ah, the attribute is not required by the schema, but the CLI currently
requires it. I was focused on trusts while writing it, but in general it
makes sense to allow to add an ID range with only base ID and range
size. One possible use case would be a stand alone IPA domain which runs
out of Posix ID because the range created at installation time is full.
In this case it makes no sense to add the RID attributes.

I have created https://fedorahosted.org/freeipa/ticket/2999 to track
this and also the issue without parameters mentioned below.

> 3. As shown in #1, it might be better to call it "ID Ranges" as in
> the CLI. "Ranges" by itself doesn't sound very meaningful.


> 4. In range.py the range type seems to be not user
> enterable/editable and automatically generated based on the domain
> SID. However, in the adder dialog the range type options can be used
> to enable/disable the appropriate fields for the type. For example,
> selecting "local domain" will make the secondary RID base required.

yes, see my comment above

> 5. This is a CLI issue. If you call ipa range-add without parameters
> it will ask for the parameters, but then it will fail before asking
> the secondary RID base or domain SID:
>   # ipa range-add
>   Range name: test
>   First Posix ID of the range: 10000
>   Number of IDs in the range: 100
>   First RID of the corresponding RID range: 50
>   ipa: ERROR: invalid Gettext('Range setup', domain='ipa',
>   localedir=None): Ranges for local domain must have a secondary RID
>   base



Freeipa-devel mailing list

Reply via email to