#3647 Extend ID range attributes to include range type
Closed: Fixed None Opened 7 years ago by abbra.

In order to allow deciding which ID mapping algorithm should be used per range, we need to extend ranges with range origin type attribute.

Range origin type:
- AD winsync
- AD trust with POSIX schema
- AD trust without POSIX schema
- IPA-IPA trust

We already have fake idrange attribute "iparangetype", computed based on objectclasses. Now we need to store the type in LDAP. Following mapping could be used between LDAP values and UI:

- ipa-local -> "Local domain range"
- ipa-ad-winsync -> "AD winsync range"
- ipa-ad-trust -> "AD trust range"
- ipa-ad-trust-posix -> "AD trust range with POSIX attributes"
- ipa-ipa-trust -> "IPA trust range"

Also we need to document which ID mapping algorithm is used for which range type.

This ticket is required for trusted domains work in 3.3. It is prerequisite for #2904.

Moving to next month bucket.

This is a 3.3 Trust effort sub-ticket - set rhbz to 0.

Regression fix:[[BR]]
master: 7eb6d8c

Metadata Update from @abbra:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.3 - 2013/06

3 years ago

Login to comment on this ticket.