[Freeipa-devel] [PATCH] #1728 New schema for IPAv3 required attributes

Sumit Bose sbose at redhat.com
Tue Sep 20 12:59:10 UTC 2011


On Tue, Sep 20, 2011 at 08:47:58AM -0400, Simo Sorce wrote:
> On Tue, 2011-09-20 at 12:36 +0200, Sumit Bose wrote:
> > On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
> > > Attached find a patch for new attributes and objectclasses for the IPA
> > > v3 goal of configuring trust relationships between freeipa and windows
> > > domains.
> > 
> > I think everything is ok, I just started to wonder if it is maybe safer
> > to always have a fallback primary group by making
> > ipaNTFallbackPrimaryGroup a MUST attrbute?
> 
> I thought about that and although we are probably always going to try to
> set it I did not want to force it.
> Some people may decide to remove the ipausers group or rename it or
> something and I do not want to find ourselves in a situation where
> ipa-adtrust-install can't proceed because it doesn't find a suitable
> group.

good point.

ACK

bye,
Sumit

> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 




More information about the Freeipa-devel mailing list