On 04/08/2011 09:07 AM, Dmitri Pal wrote:
On 04/08/2011 11:49 AM, JR Aquino wrote:
Is there any way to capture a description associated with the regex -> group
mapping?
I was thinking that after time, it would be important to look back on rules and
know why they were put there.
Particularly in the case of regex, since it may not be completely obvious by
looking back at alphabet soup.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
The more I think about current design the more I want to normalize things.
I would rather instead of:
dn: cn=Hostgroups,cn=Auto Membership Plugin,cn=plugins,cn=config
objectclass: autoMemberDefinition
autoMemberScope: dc=example,dc=com
autoMemberFilter: objectclass=ipaHost
autoMemberExclusiveRegex:
cn=webservers,cn=hostgroups,dc=example,dc=com:fqdn=^www5\.example\.com
autoMemberInclusiveRegex:
cn=webservers,cn=hostgroups,dc=example,dc=com:fqdn=^www[1-9]+\.example\.com
autoMemberInclusiveRegex:
cn=webservers,cn=hostgroups,dc=example,dc=com:fqdn=^web[1-9]+\.example\.com
autoMemberInclusiveRegex:
cn=mailservers,cn=hostgroups,dc=example,dc=com:fqdn=^mail[1-9]+\.example\.com
autoMemberDefaultGroup: cn=orphans,cn=hostgroups,dc=example,dc=com
autoMemberGroupingAttr: member:dn
Have something like:
dn: cn=Hostgroups,cn=Auto Membership Plugin,cn=plugins,cn=config
objectclass: autoMemberDefinition
objectclass: cnContainer
autoMemberScope: dc=example,dc=com
autoMemberFilter: objectclass=ipaHost
autoMemberRegexRule: cn=Webserver Inclusion Rule,cn=Hostgroups,cn=Auto
Membership Plugin,cn=plugins,cn=config
autoMemberRegexRule: cn=Mailserver Inclusion Rule,cn=Hostgroups,cn=Auto
Membership Plugin,cn=plugins,cn=config
autoMemberRegexRule: cn=Desktop exclusion Rule,cn=Hostgroups,cn=Auto Membership
Plugin,cn=plugins,cn=config
autoMemberDefaultGroup: cn=orphans,cn=hostgroups,dc=example,dc=com
autoMemberGroupingAttr: member:dn
dn: cn=Webserver Inclusion Rule,cn=Hostgroups,cn=Auto Membership
Plugin,cn=plugins,cn=config
objectclass: autoMemberDefinitionRegexRule
cn: Webserver Inclusion Rule
description: Rule contains regular expression to include webserver hosts into
the webserver group.
include: yes<- include or exclude
memberGroup: cn=webservers,cn=hostgroups,dc=example,dc=com
arrtibuteToMath: fgdn
expressionToMatch: ^www[1-9]+\.example\.com
Or something along those lines...
It's a nice logical layout, but it would be hard for an administrator to
figure out what exactly would happen if they were to add a host with a
specific hostname. Since the config is spread over so many entries, one
would have to look at the top level config entry to find each rule DN,
fetch each rule DN to look at the regexes. All of the information is so
spread out that you can't just look in one place to see the rules that
will be used. This could make things difficult from a troubleshooting
perspective.
The description issue is a tough one to deal with if we have the config
in the form that is currently described in the design doc. Since we
want a description per regex rule, we should need to make the
description be a part of the regex rule value instead of a separate
description attribute. I don't necessarily like this approach, as the
readability of the config will not be nice.
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users