Domain Display Optional

server/lib/src/constants/mod.rs

@@ -85,7 +85,7 @@ pub const DOMAIN_LEVEL_11: DomainVersion = 11;
 
 // The minimum level that we can re-migrate from.
 // This should be DOMAIN_TGT_LEVEL minus 2
-pub const DOMAIN_MIN_REMIGRATION_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL - 2;
+pub const DOMAIN_MIN_REMIGRATION_LEVEL: DomainVersion = DOMAIN_LEVEL_7;
 // The minimum supported domain functional level (for replication)
 pub const DOMAIN_MIN_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL;
 // The previous releases domain functional level

server/lib/src/constants/schema.rs

@@ -1209,6 +1209,30 @@ pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL9: SchemaClass = SchemaClass {
     ..Default::default()
 };
 
+pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL10: SchemaClass = SchemaClass {
+    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
+    name: EntryClass::DomainInfo.into(),
+    description: "Local domain information and configuration".to_string(),
+
+    systemmay: vec![
+        Attribute::DomainSsid,
+        Attribute::DomainLdapBasedn,
+        Attribute::LdapAllowUnixPwBind,
+        Attribute::Image,
+        Attribute::PatchLevel,
+        Attribute::DomainDevelopmentTaint,
+        Attribute::DomainAllowEasterEggs,
+        Attribute::DomainDisplayName,
+    ],
+    systemmust: vec![
+        Attribute::Name,
+        Attribute::DomainUuid,
+        Attribute::DomainName,
+        Attribute::Version,
+    ],
+    ..Default::default()
+};
+
 pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
     uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
     name: EntryClass::PosixGroup.into(),

server/lib/src/plugins/domain.rs

@@ -109,8 +109,15 @@ impl Domain {
                     debug!("plugin_domain: NOT Applying domain version transform");
                 };
 
-                // create the domain_display_name if it's missing
-                if !e.attribute_pres(Attribute::DomainDisplayName) {
+                // create the domain_display_name if it's missing. This was the behaviour in versions
+                // prior to DL10. Rather than checking the domain version itself, the issue is we
+                // have to check the min remigration level. This is because during a server setup
+                // we start from the MIN remigration level and work up, and the domain version == 0.
+                //
+                // So effectively we only skip setting this value after we know that we are at DL12
+                // since we could never go back to anything lower than 10 at that point.
+                if DOMAIN_MIN_REMIGRATION_LEVEL < DOMAIN_LEVEL_10
+                    && !e.attribute_pres(Attribute::DomainDisplayName) {
                     let domain_display_name = Value::new_utf8(format!("Kanidm {}", qs.get_domain_name()));
                     security_info!("plugin_domain: setting default domain_display_name to {:?}", domain_display_name);
 

server/lib/src/server/migrations.rs

@@ -764,6 +764,21 @@ impl QueryServerWriteTransaction<'_> {
             return Err(OperationError::MG0004DomainLevelInDevelopment);
         }
 
+        // =========== Apply changes ==============
+
+        // Now update schema
+        let idm_schema_changes = [SCHEMA_CLASS_DOMAIN_INFO_DL10.clone().into()];
+
+        idm_schema_changes
+            .into_iter()
+            .try_for_each(|entry| self.internal_migrate_or_create(entry))
+            .map_err(|err| {
+                error!(?err, "migrate_domain_9_to_10 -> Error");
+                err
+            })?;
+
+        self.reload()?;
+
         Ok(())
     }
 

server/lib/src/server/mod.rs

@@ -2394,7 +2394,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
         let display_name = domain_entry
             .get_ava_single_utf8(Attribute::DomainDisplayName)
             .map(str::to_string)
-            .ok_or(OperationError::InvalidEntryState)?;
+            .unwrap_or_else(|| format!("Kanidm {}", domain_name));
 
         let domain_ldap_allow_unix_pw_bind = domain_entry
             .get_ava_single_bool(Attribute::LdapAllowUnixPwBind)