On 04/16/2014 03:04 PM, Simo Sorce wrote:
On Wed, 2014-04-16 at 15:00 +0200, Petr Viktorin wrote:
Simo, Rob, would you be OK with changing virtual operation objectclass to our own one to have better control over it?

No, in general I am not ok to change objects that already exist in IPA as it makes upgrades with new and old replicas break the old replicas.

Also we can add new auxiliary classes but removing structural classes is not possible, you would have to delete and recreate the object, and that would be racy too.

I see.
How about adding a new objectClass in addition to nsContainer, and using a negative targetfilter?

I have no objection to that, but should be last resort if we have no
other way IMO, and valid only for objects that are not normally created
on a daily basis, as old replicas creating new objects would not know to
add the new objectclass.
In this case it seems like we should be ok as we do not commonly create
these objects, so the chances an old replica creates them are
negligible.

Simo.


Alright. I've reserved 2.16.840.1.113730.3.8.12.23 for a new ipaVirtualOperation objectclass. Let me know if I should use a different one.

--
Petr³
