On 03/30/2011 06:32 AM, Rob Crittenden wrote:
Dmitri Pal wrote:
Hello,

Please find the design for the auto membership plugin:
https://fedorahosted.org/freeipa/ticket/753
Here: http://directory.fedoraproject.org/wiki/Auto_Membership_Design

I have some comments and questions:
1) Is the AND functionality for inclusion criteria required?
2) How are the attributes escaped? Do they need to be? Probably there will
be cases when they should be escaped.
3) Parsing pairs in the value is a bit of overhead. I wonder if there is
any way to avoid it?
4) I have concerns about the UI and CLI, do you see any good ways to
manage such entries?


Because the configuration is stored in cn=config we would need to bind as DM to be able to manage it (unless we want to make an exception and allow writing here). Could a bad config prevent 389-ds from starting?
No. Similar to a bad DNA or managed entry setup, an error would be logged and the bad config entry would be skipped.

I assume a restart would be needed whenever a configuration change is made?
Only enabling the plug-in at the top level, which we could enable by default. The definition entry changes would be dynamic.

What happens if the target in automembertargetgroup gets removed?
I still need to fill in the "Behavior" section in the design doc, but this plug-in is not a referential integrity plug-in. It simply monitors ADD operations and updates the membership accordingly. Nothing is done for MOD, DEL, or MODRDN operations.

-NGK

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
