On Wed, 2013-10-30 at 19:01 +0100, Ana Krivokapic wrote: > On 10/29/2013 02:04 PM, Simo Sorce wrote: > > On Tue, 2013-10-29 at 12:42 +0100, Martin Kosek wrote: > >> On 10/29/2013 10:49 AM, Ana Krivokapic wrote: > >>> Hello, > >>> > >>> Patch 0080 adds userClass attribute for users to IPA CLI. > >>> Patch 0081 adds userClass attribute for users and hosts to the web UI. > >>> > >>> Design page: > >>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems > >>> > >>> Tickets: > >>> https://fedorahosted.org/freeipa/ticket/3588 > >>> https://fedorahosted.org/freeipa/ticket/3590 > >> NACK to just extending posixAccount objectclass. This is a standard > >> objectclass > >> defined by RFC 2307 and we cannot just simply extend and overwrite it as > >> we wish. > > Uhh indeed this is a big No-no. > > > >> We will need to come up with some custom objectclass, like ipaUser. This > >> is the > >> reason why I wrote to ticket "A second goal of this ticket is to review > >> current > >> objectClass hierarchy of users and do changes if needed." so that we can > >> pick > >> the best option where to place it. > > userClass is used in ipaHost, so I guess it could be instead add to an > > ipa objectclass. ipaObject might be used perhaps, otherwise we'll need a > > new ipaUser objectlass. > > > > Simo. > > > > If there are no objections to using the ipaObject objectclass, the attached > patches implement this approach.
After some thinking ipaObject is more generic than just users, not sure that attaching userClass there is appropriate. I think we really need ipaUser at this point. > Also, the schema change has been added to the appropriate .ldif file, and the > addeer dialogs in the web UI have been extended to support the new userclass > attribute. good. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
