On 05/19/2015 03:36 PM, Martin Kosek wrote:
On 05/19/2015 03:22 PM, Tomas Babej wrote:
...
3) Domain level is just a single integer and it should be treated as such,
there's no need for an LDAPObject plugin and other unnecessary complexities.
The implemetation could be as simple as (from top of my head, untested):
That's right, I also considered this approach, but as far as I know you do not
get the permission handling for the global DomainLevel entry otherwise.

Ludwig, I changed the path for the global entry to cn=DomainLevel.
I know this particular DN was added to the design by Simo, but why do we want
to use CamelCase with LDAP object?

Wouldn't "cn=Domain Level,cn=ipa,cn=etc,SUFFIX" be a better place for it? This
is the last time we can change it, so I am asking now. Then, we will be stuck
with this DN forever.
I don't mind using ""cn=Domain Level" ,

but where does the entry live, here you say

cn=Domain Level,cn=ipa,cn=etc,SUFFIX"

and in the design page it is:

cn=DomainLevel,cn=etc,SUFFIX

The current version of the topology plugin is looking for

cn=DomainLevel,cn=ipa,cn=etc,SUFFIX"
but I want to change it to do a search on objectclass=ipaDomainLevelConfig

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to