Petr Viktorin wrote:
On 04/10/2013 08:02 PM, Rob Crittenden wrote:
The original design of the LDAP updater was to use numbered update files
which would be applied in order in blocks of 10. We ended up just
applying everything together, sorted by length of the DN.


Why not just sort the files lexicographically, and _run_updates after
each one?

That might work. I did this mostly for schema which can have interdependencies. I didn't want to force us to have humongous updates for schema.

I can kind of see the reasoning behind the blocks of ten, but it looks
pretty arbitrary and unnecessarily complex.
It will allow you to create/update parents and children anywhere in the
block of 10 and they'll be sorted properly, but outside of the blocks
you have to watch the ordering. This is pretty confusing; if it's really
needed it should at least be in the README.

It is absolutely arbitrary.

I'll beef up the README.

In practice it probably isn't a big deal WHERE the updates get put, as long as schema is first. This is just an attempt to force us to be somewhat organized with things.

This works ok except in the case of roles/privileges/permissions where
it is possible that a role is added to a permission before the role is
created. So the permission has no memberOf attribute and things don't
work as expected.

So this patch implements the by-10 rule and applies the files 10-19,
20-29, etc. I left the ability to run unstructured updates too by
default.

We also need to revert this commit which breaks a test case now that
roles/permissions are created properly,
f7e27b547547be06f511a3ddfaff8db7d0b7898f

\o/


In the README, 10 - 19 should be Schema & configuration.

OK.

While you're at it you can update the FDS Server reference (FDS was
Fedora Directory Server, right?)


Yeah, shows how old this is. I'll fix it.

rob
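
The ordering problem discussed in this thread, as an added example that is not part of the original message and is not FreeIPA's updater code: it compares one flat sort by DN length with the by-10 rule (blocks in order, DN-length sort inside each block). File names, DNs and the choice to run unnumbered files last are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: file names and DNs are hypothetical.
ROLE = "cn=Example Long Role Name,cn=roles,cn=accounts,dc=example,dc=com"
PERM = "cn=Perm,cn=permissions,cn=pbac,dc=example,dc=com"
SAMPLE_FILES = {
    "50-permissions.update": [PERM],
    "40-roles.update": [ROLE, "cn=roles,cn=accounts,dc=example,dc=com"],
    "10-schema.update": ["cn=schema"],
    "misc.update": ["cn=config"],  # unnumbered ("unstructured") file
}


def flat_order(files):
    """All DNs from all files together, sorted by DN length only."""
    dns = [dn for dn_list in files.values() for dn in dn_list]
    return sorted(dns, key=len)


def blocked_order(files):
    """Apply blocks 10-19, 20-29, ... in turn; sort by DN length inside each."""
    blocks = defaultdict(list)
    unstructured = []
    for name, dns in files.items():
        match = re.match(r"(\d+)-", name)
        if match:
            blocks[int(match.group(1)) // 10].extend(dns)
        else:
            unstructured.extend(dns)
    ordered = []
    for block in sorted(blocks):
        ordered.extend(sorted(blocks[block], key=len))
    # Assumption: unnumbered files run after every numbered block.
    ordered.extend(sorted(unstructured, key=len))
    return ordered


if __name__ == "__main__":
    for label, order in (("flat", flat_order(SAMPLE_FILES)),
                         ("blocked", blocked_order(SAMPLE_FILES))):
        print(label)
        for dn in order:
            print("   ", dn)
```

With the flat sort the shorter permission DN is applied before the longer role DN; with the blocks the role in 40-49 is always applied before the permission in 50-59.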
