HI Ludwig,
Thanks for catching that, I will update the doc.
When the legacy server receives an aci with that new syntax, it does not
recognize the new keywords (moddn, target_to, target_from) so the parser
fails and the aci is simply ignored.
In the implementation (__aclp__parse_ac) , 'target_to' and 'target_from'
should be tested before 'target' because the way it is coded
'target_to'/'target_from' could be interpreted as 'target' keyword.
regards
thierry
On 02/27/2014 05:36 PM, Ludwig Krispenz wrote:
Hi,
in the replication section you describe the behaviour when replicating
to older versions of ds, but this is for n1, how about the new design ?
Ludwig
On 02/27/2014 04:46 PM, thierry bordaz wrote:
Hello,
Thanks to all your feedbacks, they helped me a lot and raised a
severe limitation in the original design.
I updated the design following the aci syntax proposed during the
discussion.
On the implementation side, it is a bit more complex but less than I
expected. I have not yet investigated the impact of ger operations.
I think a big work will be the test side as the ACI syntax provides
many options.
http://port389.org/wiki/Access_control_on_trees_specified_in_MODDN_operation
Note: I kept for the moment the original design in 'alternative no1'.
regards
thierry
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
