On Wed, 10 Oct 2012, Sumit Bose wrote:
On Wed, Oct 10, 2012 at 10:51:11AM +0300, Alexander Bokovoy wrote:

Warn about manual DNA plugin configuration when working with local ID ranges
since we currently do not support automatic pick up of the changed
settings for local ID ranges by the DNA plugin.
https://fedorahosted.org/freeipa/ticket/3116


--
/ Alexander Bokovoy

>From 2c98296a26b2176d2ae07257078a1fd460dd90ec Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Wed, 10 Oct 2012 10:03:40 +0300
Subject: [PATCH 4/5] Warn about DNA plugin configuration when working with
 local ID ranges

https://fedorahosted.org/freeipa/ticket/3116
---
 ipalib/plugins/idrange.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 
8f2d4efdc0463e7d81cd72fba7769e38dc0c638b..ef712de4f8663f374097eb737a5f4c71097b61f6
 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -111,7 +111,6 @@ Typically the creation of ID ranges happens behind the 
scenes and this CLI
 must not be used at all. The ID range for the local domain will be created
 during installation or upgrade from an older version. The ID range for a
 trusted domain will be created together with the trust by 'ipa trust-add ...'.
-The use cases for this CLI are

 USE CASES:

@@ -141,6 +140,15 @@ the domain SID. E.g. if the domain SID is 
S-1-5-21-123-456-789 and a user from
 this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the
 user. RIDs are unique in a domain, 32bit values and are used for users and
 groups.
+
+WARNING:
+
+DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
+local domain. Currently the DNA plugin *cannot* be reconfigured itself based
+on the local ranges set via this family of commands.
+
+Manual configuration change has to be done in the DNA plugin configuration to
+match with the new range.
 """)
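Review bot: the closing paragraph of the added WARNING ("Manual configuration change has to be done in the DNA plugin configuration to match with the new range.") tells the admin that something must be edited but not which entry or attribute, so it cannot be acted on from the help text alone; name the entry and attribute, or point to the documentation section that does. In the same block, "cannot be reconfigured itself" would read better as "cannot reconfigure itself", and the unchanged context line above still has "then 1010 id the RID", which could be corrected to "is" while this docstring is being touched.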

I wonder if we should add a sentence like "See section 'Managing Unique
UID and GID Number Assignments' in the FreeIPA Documentation for
details" to point the admin to the right directory? Or replace the last
sentence with something more explicit like 'The dnaNextRange attribute
of 'cn=Posix IDs,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config' has to be modified to match the new range'?

Updated the patch, also adding the same warning to the 'idrange-add'
help.

--
/ Alexander Bokovoy
>From d3fcc6f4202ae610b287535a696098040180f026 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Wed, 10 Oct 2012 10:03:40 +0300
Subject: [PATCH 4/5] Warn about DNA plugin configuration when working with
 local ID ranges

https://fedorahosted.org/freeipa/ticket/3116
---
 ipalib/plugins/idrange.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 
8f2d4efdc0463e7d81cd72fba7769e38dc0c638b..75470811750f745c9b89268074830439bfc06bce
 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -111,7 +111,6 @@ Typically the creation of ID ranges happens behind the 
scenes and this CLI
 must not be used at all. The ID range for the local domain will be created
 during installation or upgrade from an older version. The ID range for a
 trusted domain will be created together with the trust by 'ipa trust-add ...'.
-The use cases for this CLI are
 
 USE CASES:
 
@@ -141,6 +140,17 @@ the domain SID. E.g. if the domain SID is 
S-1-5-21-123-456-789 and a user from
 this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of the
 user. RIDs are unique in a domain, 32bit values and are used for users and
 groups.
+
+WARNING:
+
+DNA plugin in 389-ds will allocate IDs based on the ranges configured for the
+local domain. Currently the DNA plugin *cannot* be reconfigured itself based
+on the local ranges set via this family of commands.
+
+Manual configuration change has to be done in the DNA plugin configuration for
+the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
+IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to be
+modified to match the new range.
 """)
 
 class idrange(LDAPObject):
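Review bot: in the last added paragraph, "Specifically, The dnaNextRange attribute" has a stray capital in mid-sentence, and "has to be modified to match the new range" does not say what form the value takes; a short example value in the help text would let the admin apply it without looking elsewhere. "DNA plugin in 389-ds" at the start of the block also wants a leading article, and the context typo "then 1010 id the RID" is still present just above the addition.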
@@ -287,6 +297,17 @@ class idrange_add(LDAPCreate):
         --dom-sid
 
     must be given to add a new range for a trusted AD domain.
+
+    WARNING:
+
+    DNA plugin in 389-ds will allocate IDs based on the ranges configured for 
the
+    local domain. Currently the DNA plugin *cannot* be reconfigured itself 
based
+    on the local ranges set via this family of commands.
+
+    Manual configuration change has to be done in the DNA plugin configuration 
for
+    the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix
+    IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to 
be
+    modified to match the new range.
     """)
 
     msg_summary = _('Added ID range "%(value)s"')
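Review bot: the WARNING added to the idrange_add docstring is a word-for-word copy of the one added to the module help in the previous hunk, so the two have to be kept in sync by hand (the "Specifically, The" capitalisation slip is already duplicated); consider a single shared string or a one-line pointer to the module help. It also sits directly after "must be given to add a new range for a trusted AD domain", while the warning concerns local ranges only, so a lead-in such as "When adding a range for the local domain:" would stop it being read as applying to trusted-domain ranges.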
-- 
1.7.12
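
The mismatch this warning describes can be checked mechanically. The following is an added example, not part of the patch or of FreeIPA: it compares a local ID range with one server's DNA plugin settings and reports any DNA span outside the range. It assumes the entries have already been read into plain dicts, that dnaNextRange has the form "lower-upper", and all sample values are constructed.

```python
# Added example. Attribute names are those of FreeIPA ID ranges and the 389-ds
# DNA plugin; every value below is constructed sample data.

def parse_next_range(value):
    """Parse a dnaNextRange value, assumed to have the form 'lower-upper'."""
    lower, sep, upper = value.strip().partition("-")
    if not (sep and lower.isdigit() and upper.isdigit()):
        raise ValueError("malformed dnaNextRange: %r" % value)
    if int(lower) > int(upper):
        raise ValueError("dnaNextRange lower bound above upper: %r" % value)
    return int(lower), int(upper)


def check_dna_against_idrange(idrange, dna):
    """Return a list of findings; an empty list means DNA fits the local range."""
    first = int(idrange["ipaBaseID"])
    last = first + int(idrange["ipaIDRangeSize"]) - 1
    # The span DNA is allocating from now, plus the one it will switch to next.
    spans = [("dnaNextValue..dnaMaxValue",
              int(dna["dnaNextValue"]), int(dna["dnaMaxValue"]))]
    if dna.get("dnaNextRange"):
        spans.append(("dnaNextRange",) + parse_next_range(dna["dnaNextRange"]))
    findings = []
    for name, lo, hi in spans:
        if lo > hi:
            findings.append("%s is exhausted or unset (%d > %d)" % (name, lo, hi))
        elif lo < first or hi > last:
            findings.append("%s %d-%d is outside local range %d-%d"
                            % (name, lo, hi, first, last))
    return findings


# Constructed sample: local range 1000000-1199999.
LOCAL_RANGE = {"ipaBaseID": "1000000", "ipaIDRangeSize": "200000"}
DNA_OK = {"dnaNextValue": "1000042", "dnaMaxValue": "1099999",
          "dnaNextRange": "1100000-1199999"}
# Same server, but dnaNextRange still points at a previous local range.
DNA_STALE = {"dnaNextValue": "1000042", "dnaMaxValue": "1099999",
             "dnaNextRange": "500000-599999"}

if __name__ == "__main__":
    for label, dna in (("ok", DNA_OK), ("stale", DNA_STALE)):
        print(label, check_dna_against_idrange(LOCAL_RANGE, dna) or "consistent")
```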
