Hi,

Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):
Hi,

this patch implements the domain level feature.

https://fedorahosted.org/freeipa/ticket/5018

Tomas

1)

+# Create entry proclaiming Domain Level support of this master
+# This will update the supported Domain Levels during upgrade
+dn: cn=Domain Level support,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: objectClass: ipaConfigObject
+default: objectClass: ipaSupportedDomainLevelConfig
+only: ipaMinDomainLevel: $MIN_DOMAIN_LEVEL
+only: ipaMaxDomainLevel: $MAX_DOMAIN_LEVEL

The design states that supported domain levels should be stored directly in cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX and I agree with that - there is no reason to have this information in a separate entry.


2) I though we agreed to call the command domainlevel-set instead of domainlevel-raise: <https://www.redhat.com/archives/freeipa-devel/2015-May/msg00101.html>.


3) Domain level is just a single integer and it should be treated as such, there's no need for an LDAPObject plugin and other unnecessary complexities. The implemetation could be as simple as (from top of my head, untested):

    domainlevel_output = (
        output.Output('result', int)
    )

    @register()
    class domainlevel-get(Command):
        has_output = domainlevel_output

        def execute(self, *args, **options):
            ldap = self.api.Backend.ldap2

            dn = ...
            entry = ldap.get_entry(dn, ['ipaDomainLevel'])

            return {'result': entry.single_value['ipaDomainLevel']}

    @register()
    class domainlevel-set(Command):
        has_output = domainlevel_output

        takes_args = (
            Int('value'),
        )

        def execute(self, *args, **options):
            ldap = self.api.Backend.ldap2

            value = args[0]
            ... validate value ...

            dn = ...
            entry = ldap.get_entry(dn, ['ipaDomainLevel'])
            entry.single_value['ipaDomainLevel'] = value
            ldap.update_entry(entry)

            return {'result': value}


Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to