[Freeipa-devel] First cut of schema doc
Simo Sorce
ssorce at redhat.com
Thu Jul 12 12:45:27 UTC 2007
On Wed, 2007-07-11 at 15:23 -0700, Pete Rowley wrote:
> Simo Sorce wrote:
> > On Wed, 2007-07-11 at 14:53 -0700, Pete Rowley wrote:
> >
> >> Getting something up to argue over :)
> >>
> >> http://freeipa.com/page/SchemaV1
> >>
> >
> > Questions and remarks:
> > - what is/why dc=com ?
> >
> could be dc=org or whatever that component of the realm name is. The
> important thing is the splitting off of the most significant portion of
> the realm name from the suffix to be part of DIT (replacing cn=default
> which we didn't like)
Ooooh now I see the point, but I honestly don't like it :)
> > - I removed uniqueidentifier: IPA for now, as it is redundant (info: IPa
> > v1.0 is enough)
> >
> I don't think clients should have to parse the string in any fashion
> other than compare in order to be sure this is an IPA server.
What's wrong with this search filter:
(&(objectClass=pilotObject)(info=IPA*)) ?
> > - more info on objcetcalss: ipaRealm ? Why do we need it ? The
> > exp-lanation on the page is not really clear to me.
> >
> >
> OK I'll re-word it - it's discovery, since we have this partitioned off
> into a separate space so that clients can search through only the things
> they are interested in I thought it would be a good idea to be able to
> discover where that place is.
I see, it make sense for our discovery utility indeed,but this is not
something we can "backport" to older clients or other OSs clients
unfortunately.
Also I am strating wondering if we really need to separate Users and
Groups in different OUs ... yes we do cause bloody Unix has 2 different
name spaces for users and groups :(
Simo.
More information about the Freeipa-devel
mailing list