#22 Add an option to specify a basedn parameter for IDM modules
Closed: Fixed 7 years ago Opened 7 years ago by spichugi.

We need a way to create our IDM users and groups in a custom suffix.
Now it is hard coded to 'ou=people' for users, 'ou=groups' for groups, etc.

Also, it is important not to break current functionality. The parameter should remain optional, with a default set to 'ou=people' for users, 'ou=groups' for groups, etc.


Metadata Update from @spichugi:
- Issue assigned to sramling
- Issue priority set to: Normal

7 years ago

Hi Simon, please go ahead and change the code as per your requirement.

Metadata Update from @spichugi:
- Issue assigned to spichugi (was: sramling)

7 years ago

Metadata Update from @spichugi:
- Custom field Review Status adjusted to review

7 years ago

Seems to me the test file renames should be in a separate commit.

@rcritten I'm happy for the test renames to be here, it's not a big deal or a big change. This is still a bit of a moving target so it's okay.

As for the actual change itself, @spichugi this bit of code has always irked me a little because basedn needs to be "ou=People,<backend dn>", but there was never a good way to change it. My way wasn't very good, but you could do it with:

ua = UserAccounts(..., basedn='dc=example,dc=com')
ua._basedn = ....

But it's not good to tamper with these internals.

At the same time, I'm not sure I like the extra parameter, but I don't know a better option. Because really, we now have two parameters that change the basedn, and it's not clear if basedn means the userbasedn or the server basedn, and what rdn does.

So I like the "idea" of the change, but I wonder if we can come up with a better way? If not, I think I would be happy to accept this change as is, because it also doesn't break any existing code.

@firstyear I agree with you and my first desire was to rewrite more stuff. :)
Basically, what I think we can do is to change basedn='dc=example,dc=com' to basedn='ou=people,dc=example,dc=com' accordingly in all modules. It makes more sense because then we will work with just one string, as we do in the majority of LDAP tools.

For this, though, I'll need to rewrite lib389/cli utils. If you are okay with that I'll go for it.

But the issue then is we have tools like dsidm that don't use dc=example,dc=com by default. We need to change this relative to ou=People.....

So for now, I think your solution is best, until we can do something better :)

Metadata Update from @firstyear:
- Custom field Review Status adjusted to ack (was: review)

7 years ago

Okay. Let's improve this part later. Maybe someone from GSoC will join. :)

To ssh://pagure.io/lib389.git
b9d2a14..8f61549 master -> master
commit 8f61549
Author: Simon Pichugin spichugi@redhat.com
Date: Tue Apr 11 22:47:14 2017 +0200

Metadata Update from @spichugi:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 years ago
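
Added example, not part of the ticket or lib389's own code: a sketch of the behaviour the issue asks for, an optional container RDN that defaults to 'ou=People' or 'ou=Groups' and is joined to the backend suffix. The function names, the `rdn=None` convention (basedn already names the container) and the component validation are assumptions made for this illustration.

```python
import re

DEFAULT_USER_RDN = "ou=People"    # defaults named in the issue text
DEFAULT_GROUP_RDN = "ou=Groups"

# One DN component: attribute type, '=', non-empty value.
_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).lstrip(" "))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).lstrip(" "))
    return parts


def check_dn(dn):
    """Reject strings with empty or malformed components (e.g. 'ou=People,')."""
    for part in split_dn(dn):
        if not _RDN_RE.match(part):
            raise ValueError("not a valid DN component: %r" % part)
    return dn


def container_dn(basedn, rdn=DEFAULT_USER_RDN):
    """Return the subtree that entries are created under.

    Callers that pass only basedn get the old hard-coded location;
    rdn=None means basedn is already the full container DN.
    """
    check_dn(basedn)
    if rdn is None:
        return basedn
    return "%s,%s" % (check_dn(rdn), basedn)
```
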
