On 05/19/2015 03:22 PM, Tomas Babej wrote:
>> 3) Domain level is just a single integer and it should be treated as such,
>> there's no need for an LDAPObject plugin and other unnecessary complexities.
>> The implemetation could be as simple as (from top of my head, untested):
> That's right, I also considered this approach, but as far as I know you do not
> get the permission handling for the global DomainLevel entry otherwise.
> Ludwig, I changed the path for the global entry to cn=DomainLevel.
I know this particular DN was added to the design by Simo, but why do we want
to use CamelCase with LDAP object?
Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
is the last time we can change it, so I am asking now. Then, we will be stuck
with this DN forever.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code