Pavel Zůna wrote:
Okay, I think my migration patches are ready for submission.

What's new?

- No more forced password change after migration, unless the password doesn't meet IPA password policy. Expiration time sets correctly (hooray!).
- Migration mode (adding entries with pre-hashed passwords) can now be turned ON/OFF using the ipaMigrationEnabled attribute in ipaConfig entry.
- New fancy password migration page using HTML form based authentication. (CSS and looks in general will probably have to change to visually go with the rest of the webUI.)
- Better error/log messages and some general code clean up.

I didn't change the migration plugin to use IPA commands. Believe me, I tried. There's just too much overhead and additional work:

- We need to sanitize data from DS before we feed it to the IPA commands and it's not just converting them to unicode.
- There are attributes our commands do not accept as parameters and setattr/addattr doesn't really help that much there. It's going to be even worse when custom schemas kick in. Our commands also make some assumptions about attributes - like givenName/sn being required etc. It's just too hard to do it properly in a generic way.
- Using IPA commands generates at least 4 times more LDAP requests.
- The code is also longer.

The migration plugin might still need some work and I'm thinking of ways to make it better, more readable and maintainable, but if the other patches pass and there are no big problems with it, I say we should push it, so that QE can do some testing.

I'm currently writing a wiki page with a step-by-step migration guide, but I left it open at the office and I'm sick at home at the moment, so I'm going to resume when back. I will also set up a testing environment on the blades for DS to IPA migration.

Pavel
Oops, I forgot to change the spec file. Patch attached.

Pavel

Attachment: 0001-Add-password-migration-page-files-to-the-spec-file.patch
Description: application/mbox
