[Freeipa-devel] [PATCH] 0118 add support for subdomains

[Alexander Bokovoy]

On Mon, 23 Sep 2013, Martin Kosek wrote:
>>> However, we don't have trust type available so it needs to discovered
>>> every time. This doesn't play well with the framework, it is simply not
>>> expecting dynamic containers.
>>
>> This doesn't sound like a big obstacle to me. Right now the trust_type lookup
>> is done in trust_show.execute() for some reason, which is not the best place to
>> do it IMHO. Doing it in trust.get_dn() instead should simplify things enough to
>> make parent_object work.
>
>Yup, get_dn() is the method where object DN lookup should be done. See for
>example host.py plugin get_dn method, we also do a dynamic lookup for correct
>host name.
I'll see if that would work.

>the best way to implement dynamic DN gathering is the get_dn() method. That
>way, it could be implemented in one place and all commands could take advantage
>of it instead of re-implementing it several times in pre_callback - this is
>just hackish.
I'd suggest you look into the code. The commands use pre_callback for a
different purpose than implementing dynamic DN gathering.

>I think it would have been very useful to have a design page before sending a
>patch. It is then easier to make design decisions without having to dig into
>the patch.
The design page is there for long time:
http://www.freeipa.org/page/V3/Transitive_Trusts

-- 
/ Alexander Bokovoy