In order to allow deciding which ID mapping algorithm should be used per range, we need to extend ranges with range origin type attribute.
Range origin type:
- AD winsync
- AD trust with POSIX schema
- AD trust without POSIX schema
- IPA-IPA trust
We already have fake idrange attribute "iparangetype", computed based on objectclasses. Now we need to store the type in LDAP. Following mapping could be used between LDAP values and UI:
- ipa-local -> "Local domain range"
- ipa-ad-winsync -> "AD winsync range"
- ipa-ad-trust -> "AD trust range"
- ipa-ad-trust-posix -> "AD trust range with POSIX attributes"
- ipa-ipa-trust -> "IPA trust range"
Also we need to document which ID mapping algorithm is used for which range type.
This ticket is required for trusted domains work in 3.3. It is prerequisite for #2904.
Moving to next month bucket.
This is a 3.3 Trust effort sub-ticket - set rhbz to 0.
Pushed to master: d2b943f, 11c0f05, ddb3957, f8de527
Metadata Update from @abbra:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.3 - 2013/06
to comment on this ticket.