On 02/25/2015 04:00 PM, Alexander Bokovoy wrote:
> On Wed, 25 Feb 2015, Martin Basti wrote:
>> On 25/02/15 15:37, Alexander Bokovoy wrote:
>>> On Wed, 25 Feb 2015, Martin Basti wrote:
>>>> Modifications:
>>>> * All plugins are migrated into new configuration style.
>>>> * I left attribute uniqueness plugin disabled, cn=uid
>>>> uniqueness,cn=plugins,cn=config is checking the same attribute.
>>>> * POST_UPDATE plugin for uid removed, I moved it to update file. Is it okay
>>>> Alexander? I haven't found reason why we need to do it in update plugin.
>>> So I looked up the original thread and since there are three different
>>> ways of defining uniqueness plugin's configuration, update plugin was to
>>> me the only way to handle all different configuration types. In general
>>> we cannot rely on the fact that FreeIPA deployment only contains
>>> FreeIPA-defined plugin configurations.
>>>
>> IMO, we should care only about IPA configured plugins, we cant handle
>> everything, what users added there.
>>
>> If user adds an own plugin configuration there, the one should keep
>> responsibility to test, if the plugin configuration still works after the IPA
>> upgrade.
>>
>> We can't keep what user want, and what IPA needs in all cases, we would break
>> IPA or users expectations, or both.
>>
>> In this case we can add detection of conflicts and print errors during
>> upgrade, but we cant fix plugins which user created.  If we want to handle
>> user custom configuration, we will need to add detection for lot of things
>> during upgrade not just uid uniqueness plugin.

I tend to agree with Martin. I know that we created the special uniqueness
plugin handling custom user plugins in the last release, but I am not convinced
it is a good idea, it adds complexity to the upgrade, making it more difficult
to debug.

So if we can create the cn=uid uniqueness,cn=plugins,cn=config plugin just with
simple update, I am fine with it.

> Uhm, right. Where my brain was today? :)

Is that an agreement with Martin's approach? I am not sure :-)

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to