On 05/15/2015 09:22 AM, Ludwig Krispenz wrote:

On 05/14/2015 11:48 AM, Jan Cholasta wrote:

Dne 14.5.2015 v 11:00 Tomas Babej napsal(a):

this patch implements the domain level feature.




+# Create entry proclaiming Domain Level support of this master
+# This will update the supported Domain Levels during upgrade
+dn: cn=Domain Level support,cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
+default: objectClass: top
+default: objectClass: nsContainer
+default: objectClass: ipaConfigObject
+default: objectClass: ipaSupportedDomainLevelConfig
+only: ipaMinDomainLevel: $MIN_DOMAIN_LEVEL
+only: ipaMaxDomainLevel: $MAX_DOMAIN_LEVEL

The design states that supported domain levels should be stored directly in cn=$FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX and I agree with that - there is no reason to have this information in a separate entry.
yes, the design states that the domainlevel supported by a server should be stored in the cn=fqdn entry,

but this is only informational, saying what level a server could handle and the selected level used has to be set and stored and the design doc says this has to be in:

"Selected Domain level shall be stored in cn=DomainLevel,cn=etc,SUFFIX"

I don't see the handling of the global doamin level entry
ok, it is there, you called it "cn= Domain Level" (with space), I used "cn=DomainLevel" - so wouldn't find it, we need to agree an a naming or a way to detect the entry
I will probably change to search for "objectclass=ipaDomainLevelConfig"


2) I though we agreed to call the command domainlevel-set instead of domainlevel-raise: <https://www.redhat.com/archives/freeipa-devel/2015-May/msg00101.html>.

3) Domain level is just a single integer and it should be treated as such, there's no need for an LDAPObject plugin and other unnecessary complexities. The implemetation could be as simple as (from top of my head, untested):

    domainlevel_output = (
        output.Output('result', int)

    class domainlevel-get(Command):
        has_output = domainlevel_output

        def execute(self, *args, **options):
            ldap = self.api.Backend.ldap2

            dn = ...
            entry = ldap.get_entry(dn, ['ipaDomainLevel'])

            return {'result': entry.single_value['ipaDomainLevel']}

    class domainlevel-set(Command):
        has_output = domainlevel_output

        takes_args = (

        def execute(self, *args, **options):
            ldap = self.api.Backend.ldap2

            value = args[0]
            ... validate value ...

            dn = ...
            entry = ldap.get_entry(dn, ['ipaDomainLevel'])
            entry.single_value['ipaDomainLevel'] = value

            return {'result': value}


Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to