On 02/04/2013 05:23 PM, Tomas Babej wrote:

When adding/modifying an ID range for a trusted domain, the newly
added option --dom-name can be used. This looks up the SID of the
trusted domain in LDAP, and therefore the user is not required
to write it down in the CLI. If the lookup fails, an error message
asking the user to specify the SID manually is shown.



Just wondering: how bad would it be to not introduce a new virtual attribute and just use ipanttrusteddomainsid? On add and mod (when ipanttrusteddomainsid is set) we would check whether ipanttrusteddomainsid is a SID. If not, it would be treated as a domain name and the get_trusted_domain_sid_from_name method would be used to get the SID.

I'm asking because I don't really like virtual and standard attributes for the same LDAP attribute in a mod command. In the Web UI details page we have to display only one field - ipanttrusteddomainsid.

So we are left with options:
  1) do not use this feature for mod operations in Web UI
  2) enter domain name in ipanttrusteddomainsid field, implement the aforementioned check in Web UI and fill the correct option in RPC request
  3) add special action into action list which will open new dialog, user will enter domain name, mod command with ipanttrusteddomainname set will be executed on confirmation
  4) some other method

I don't really like any of the options. If a SID check is an easy operation, we can go with #2, but I would still rather see this logic in the server plugin.
Petr Vobornik
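
The check discussed in the message above, sketched as an added example that is not part of the original e-mail or of the FreeIPA code: one field accepts either a domain SID or a domain name, and the server side decides which it is. The names `is_domain_sid`, `resolve_trusted_domain_sid`, `lookup_sid_by_name` and the sample trust data are assumptions; the callable stands in for the name-to-SID lookup mentioned in the thread.

```python
import re

# A domain SID in string form is S-1-5-21 followed by exactly three
# 32-bit sub-authorities, e.g. S-1-5-21-X-Y-Z.
_DOMAIN_SID_RE = re.compile(r"S-1-5-21-(\d{1,10})-(\d{1,10})-(\d{1,10})")


def is_domain_sid(value):
    """Return True if value is a syntactically valid domain SID string."""
    m = _DOMAIN_SID_RE.fullmatch(value.strip())
    if m is None:
        return False
    # The regex allows 10 digits; each sub-authority must still fit in 32 bits.
    return all(int(sub) <= 0xFFFFFFFF for sub in m.groups())


def resolve_trusted_domain_sid(value, lookup_sid_by_name):
    """Accept either a SID or a domain name in a single field.

    lookup_sid_by_name is a hypothetical callable standing in for the
    server-side lookup; it returns a SID string or None.
    """
    value = value.strip()
    if is_domain_sid(value):
        return value
    if value.upper().startswith("S-1-"):
        # Looks like a SID but is malformed: reject instead of silently
        # falling through to a name lookup with attacker- or typo-shaped input.
        raise ValueError("malformed SID: %r" % value)
    sid = lookup_sid_by_name(value)
    if sid is None or not is_domain_sid(sid):
        raise ValueError("cannot resolve %r; specify the SID manually" % value)
    return sid


# Constructed sample data, not taken from any real deployment.
SAMPLE_TRUSTS = {"ad.example.test": "S-1-5-21-1111111111-2222222222-3333333333"}


def sample_lookup(name):
    """Hypothetical stand-in for the LDAP lookup of a trusted domain's SID."""
    return SAMPLE_TRUSTS.get(name.lower())
```

Doing the check in one server-side function keeps the Web UI and CLI from each carrying their own copy of the SID test, and the result of the lookup is validated with the same rule as user input.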

Freeipa-devel mailing list