On Thu, 2011-10-13 at 15:44 +0200, Sigbjorn Lie wrote:
> Hi,
>
> What are your recommendations for avoiding incompatibility with future
> upgrades of IPA if extending the dirsrv schema and adding custom objects
> to the LDAP server is required? What considerations and precautions
> should be taken?
>
> Such as adding RBAC support for Solaris clients...

Additional schema is unlikely to cause issues if it does not conflict with standard schema. We also tend to prefix all the attributes/objectclasses we create for FreeIPA so name clashes are unlikely.

If it is custom schema I suggest you prefix names appropriately too, so you have your own 'namespace'.

As for placement I suggest you put this data in a separate container from standard FreeIPA stuff for new objects. In the base DN create a container named something like your company name or ticker: cn=ACME,<suffix> and put all your customized entries there.

Attaching additional data to users is not a big deal for custom schema.

If it is not custom schema but standard schema not currently used by FreeIPA I would be a little bit more careful as a following version of FreeIPA might conceivably start using those attributes, and there is generally enough space to use them in a sort of 'incompatible' way. But don't let that stop you if you really need it.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
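
Added example (not part of the original message and not FreeIPA's own tooling): a Python check that can be run over a staged LDIF before import, covering the two conventions suggested above, a name prefix on custom schema and a dedicated cn=ACME,<suffix> container. The "acme" prefix, the OIDs under 1.3.6.1.4.1.99999, the dc=example,dc=com suffix and all function names are constructed placeholders.

```python
import re

# Constructed sample LDIF: custom schema plus new entries staged for import.
# OIDs, the "acme" prefix and the dc=example,dc=com suffix are placeholders.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'acmeBadgeId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME ( 'acmeCostCenter' 'costCenter' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'acmePerson' SUP top AUXILIARY MAY ( acmeBadgeId $ acmeCostCenter ) )

dn: cn=ACME,dc=example,dc=com
objectClass: nsContainer
cn: ACME

dn: cn=badge-printers,cn=ACME,dc=example,dc=com
objectClass: nsContainer
cn: badge-printers

dn: cn=badge-policy,cn=accounts,dc=example,dc=com
objectClass: nsContainer
cn: badge-policy
"""

def unfold(ldif):
    # LDIF continuation lines start with one space; join them to the line above.
    return re.sub(r"\r?\n ", "", ldif)

def schema_names(ldif):
    # Collect every NAME (including aliases) from attributeTypes/objectClasses.
    names = []
    for line in unfold(ldif).splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() in ("attributetypes", "objectclasses"):
            m = re.search(r"\bNAME\s+(\(([^)]*)\)|'[^']+')", value)
            if m:
                names += re.findall(r"'([^']+)'", m.group(1))
    return names

def unprefixed_names(ldif, prefix):
    # Schema names outside the private namespace; these can clash after an upgrade.
    return [n for n in schema_names(ldif) if not n.lower().startswith(prefix.lower())]

def entries_outside(ldif, container):
    # DNs that are neither cn=schema, the container itself, nor below it.
    norm = lambda dn: dn.lower().replace(" ", "")
    dns = [l[3:].strip() for l in unfold(ldif).splitlines() if l.lower().startswith("dn:")]
    ok = lambda d: d in ("cn=schema", norm(container)) or d.endswith("," + norm(container))
    return [dn for dn in dns if not ok(norm(dn))]
```

On the sample, the alias costCenter is reported as outside the namespace, and the entry placed under cn=accounts is reported as outside the custom container.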