It seems to me that we are being inconsistent with regard to our FreeIPA
version and the schema files.

We now have 60basev2.ldif containing FreeIPA 2.x schema and 60basev3.ldif
containing FreeIPA 3.x schema. However, we now also added FreeIPA 4.x schema to
60basev3.ldif, which seems like an inconsistency to me.

Should we simply create 60basev4.ldif and move the new schema (mostly
permissionsv2 related) there? I am wondering whether in that case we may also
think about making a new OID space for v4 schema, as the current one is defined as

## Attributes:      2.16.840.1.113730.3.8.11 - V3 base attributres
## ObjectClasses:   2.16.840.1.113730.3.8.12 - V3 base objectclasses

If we ever want to fix the OID space, now is the right time; it won't be
possible after release. Alternatively, we could also define
2.16.840.1.113730.3.8.11 and 2.16.840.1.113730.3.8.12 as "V3+" space.

Martin Kosek
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.

Freeipa-devel mailing list