[Freeipa-devel] [PATCH] 0214 Remove 'cn' attribute from idnsRecord and idnsZone objectClasses
Petr Viktorin
pviktori at redhat.com
Wed Apr 10 11:32:48 UTC 2013
On 04/10/2013 12:56 PM, Martin Kosek wrote:
> On 04/10/2013 12:47 PM, Petr Viktorin wrote:
>> This removes the "cn" attribute from the idnsRecord objectclass.
>>
>> For more robust upgrades, any existing cn attributes are removed in preupgrade
>>
>> https://fedorahosted.org/freeipa/ticket/3514
>
> I am not sure that it is a good idea to silently remove user data on upgrades,
> User may want to migrate this data elsewhere.
>
> Wouldn't it be better to only detect this situation (i.e. some records have CN
> filled) and report that only as an upgrade warning?
>
> Martin
>
After some discussion, I removed the check completely. Searching through
the records on each upgrade just to give a warning is overkill (and yum
upgrade warnings tend to be problematic anyway).
In case of an exising cn, the upgrade will still work, but IPA won't be
able to modify the record until the cn is removed (it'll say "attribute
"cn" not allowed").
Since the misconfiguration is caused by an admin manually adding a
nonsensical attribute, this behavior is appropriate.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0214.2-Remove-cn-attribute-from-idnsRecord-and-idnsZone-obj.patch
Type: text/x-patch
Size: 5745 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130410/038bcfb5/attachment.bin>
More information about the Freeipa-devel
mailing list