On Tue, Feb 28, 2017 at 01:29:50PM +0100, Martin Babinsky wrote:
>I have put together a draft of design page describing server-side
>implementation of user short name -> fully-qualified name resolution.
>In the end I have taken the liberty to change a few aspects of the design we
>have agreed on before and I will be grad if we can discuss them further.
>Me and Honza have discussed the object that should hold the domain resolution
>order and given the fact that IPA domain can also be a part of this list, we
>have decided that this information is no longer bound to trust configuration
>and should be a part of the global config instead.
>Also we have purposefully cut down the API only to a raw manipulation of the
>attribute using an option of `ipa config-mod`. The reasons for this are
> * the developer resources are quite scarce and it may be good to follow
>YAGNI principle to implement the dumbest API now and not to invest into
>more high-level interface unless there is a demand for it
> * we can imagine that the manipulation of the domain resolution order is a
>rare operation (ideally only once all trusts are established), so I am not
>convinced that it is worth investing into designing higher-level API
>I propose we first develop the "dumber" parts first to unblock the SSSD part.
>If we have spare cycle afterwards then we can design and implement more
>Manage your subscription for the Freeipa-devel mailing list:
>Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
I have updated the design page and incorporated most of the comments from all
reviewers. The most dramatic change is that I have expanded the discussion by
the possibility for overriding global domain resolution order by ID
view-specific settings. I have also expanded How-To section accordingly.
Please try to review and comment during today as the window for development is
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code