On Wed, 2014-04-16 at 15:00 +0200, Petr Viktorin wrote: > >> Simo, Rob, would you be OK with changing virtual operation > objectclass to our > >> own one to have a better control over it? > > > > No, in general I am not ok to change objects that already exist in > IPA > > as it make upgrades with new and old replicas break the old > replicas. > > > > Also we can add new auxiliray classes but removing structural > classes is > > not possible, you would have to delete and recreate the object, and > that > > would be racy too. > > I see. > How about adding a new objectClass in addition to nsContainer, and > using > a negative targetfilter? > I have no objection to that, but should be last resort if we have no other way IMO, and valid only for objects that are not normally created on a daily basis, as old replicas creating new objects would not know to add the new objectclass. In this case it seem like we should be ok as we do not commonly create these objects, so the chances an old replica creates them are negligible.
Simo. _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel