Hello list,

I have put together a draft of design page describing server-side implementation of user short name -> fully-qualified name resolution.[1]


In the end I have taken the liberty to change a few aspects of the design we have agreed on before and I will be grad if we can discuss them further.

Me and Honza have discussed the object that should hold the domain resolution order and given the fact that IPA domain can also be a part of this list, we have decided that this information is no longer bound to trust configuration and should be a part of the global config instead.

Also we have purposefully cut down the API only to a raw manipulation of the attribute using an option of `ipa config-mod`. The reasons for this are twofold:

* the developer resources are quite scarce and it may be good to follow YAGNI[2] principle to implement the dumbest API now and not to invest into more high-level interface unless there is a demand for it

* we can imagine that the manipulation of the domain resolution order is a rare operation (ideally only once all trusts are established), so I am not convinced that it is worth investing into designing higher-level API

I propose we first develop the "dumber" parts first to unblock the SSSD part. If we have spare cycle afterwards then we can design and implement more bells-and-whistles afterwards.

[1] https://www.freeipa.org/page/V4/AD_User_Short_Names
[2] https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to