MJ J wrote:
Sure, it can be improved to become invulnerable to the academically imaginative race conditions that are not going to happen in real life. That will go to the very bottom of my list of things to do now, thanks.
Adding a couple of lines of Python code is such a low-hanging fruit, especially since there free examples out there. Would have been less time than writing the list postings.
FreeIPA is a cool concept, too bad it's not scalable or multi-tenant capable.
Æ-DIR aims to provide similar features while providing a much better level of isolation (need-to-know, least privilege). I'd not call it multi-tenant approach though because I'm super-cautious with that term. Full multi-tenancy can always be achieved by setting up new instance in a separate name space anyway. But that's not what people usually want.
Ciao, Michael.