On 12/15/2011 07:09 PM, Dmitri Pal wrote:
> On 12/15/2011 12:24 PM, Adam Young wrote:
>> When updating IPA, schema changes need to be applied to each of the
>> tenant trees.
>>
>> API
>>
>> Each of the RPCs needs to allow an optional parameter tenant. Members
>> of the original domain with an appropriate Permission will be able to
>> perform operations inside the tenant specified.
>
> Why do you need this? The principal of the authenticated user will give you
> the tenant domain info.

"Members of the original domain with an appropriate Permission will be able to perform operations inside the tenant specified."


This is the override. This allows a super user account that can clean things up for the end users. Say the hosting domain is fedorahosted.org, but someone in a tenant of FREEIPA has managed to delete the admin account. d...@fedorahosted.org can make a call with "tenant": "freeipa.org" and add a new admin account.
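
The tenant selection rule discussed in this thread, sketched as an added example that is not part of the original message and not FreeIPA code: the principal's realm picks the tenant by default, and the optional `tenant` parameter is honoured only for a hosting-domain member holding an override permission. The function names, the permission name, the second tenant and the case-insensitive realm comparison are assumptions.

```python
# Added illustration: every name here is hypothetical, not FreeIPA's API.
HOSTING_REALM = "fedorahosted.org"           # hosting domain named in the thread
TENANTS = {"freeipa.org", "example.org"}     # constructed tenant list
OVERRIDE_PERMISSION = "Tenant Override"      # hypothetical permission name


class TenantAccessDenied(Exception):
    """Raised when a caller may not act on the requested tenant."""


def realm_of(principal):
    """Extract the realm from 'user@realm' (compared case-insensitively here)."""
    user, sep, realm = principal.rpartition("@")
    if not (user and sep and realm):
        raise TenantAccessDenied("malformed principal")
    return realm.lower()


def resolve_tenant(principal, permissions, tenant=None):
    """Return the tenant tree an RPC should operate on, or raise."""
    home = realm_of(principal)
    if home != HOSTING_REALM and home not in TENANTS:
        raise TenantAccessDenied("unknown realm")
    # Default case: the authenticated principal alone selects the tenant.
    if tenant is None or tenant.lower() == home:
        return home
    # Override case: check the caller before looking at the target, so a
    # tenant user cannot probe which other tenants exist.
    if home != HOSTING_REALM:
        raise TenantAccessDenied("only the hosting domain may override")
    if OVERRIDE_PERMISSION not in permissions:
        raise TenantAccessDenied("missing override permission")
    if tenant.lower() not in TENANTS:
        raise TenantAccessDenied("no such tenant")
    return tenant.lower()


def try_resolve(principal, permissions, tenant=None):
    """Like resolve_tenant, but returns None on denial (handy for audits)."""
    try:
        return resolve_tenant(principal, permissions, tenant)
    except TenantAccessDenied:
        return None
```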
