On 12/16/2011 02:37 PM, Alan Evans wrote:
> Adam,
> This is great news.  The feedback I have after a quick read through (I
> will try to put a bit more time on it later) would be to make the
> 'tennant' separation more flexible and why not use existing ldap
> schema?
> Instead of forcing the user into cn={TENANT},cn=tenants,$suffix why
> not create a 'tennant' aux class that would allow the end user to
> design a DIT however they would like.
> We for example use o=<company|organization>,$suffix.  Then any schema
> maintenance instead of being:
> For each tennant in (cn=tenants,$suffix)
> It would be:
> For each tennant in (ldapsearch (objectclass=tennant))
> Then the end provider could design a DIT that fit their needs with
> replication in mind.  Consider the flexibility of:
> o=<Tennant1>,C=US,$suffix
> o=<Tennant2>,C=UK,$suffix
> o=<Tennant3>,OU=North America,$suffix
> o=<Tennant4>,OU=Europe,$suffix
> That's my 2¢ at the moment.  I'd be glad to banter back and forth
> about this with you. :)
> Regards,
> -Alan

This is very flexible but I am not sure IPA would be able to be that
One of the design goals from the beginning was: static schema and flat
DIT. The whole project is built around it. Such an approach would really
come as a "system shock". I am not against it, just saying it would be
harder as it goes even further than Adam's proposal in changing the
fundamental principles.

> On Fri, Dec 16, 2011 at 5:35 AM, Adam Young <ayo...@redhat.com> wrote:
>> I opened a ticket for multitenancy
>> https://fedorahosted.org/freeipa/ticket/2201
>> Here is a detailed write up of the issues.
>> http://freeipa.org/page/Multitenancy
>> Please provide any feedback that you have and I will update.

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
