Re: [Freeipa-devel] [PATCH] 449 renumber IPA schema OIDs

2010-05-21 Thread Dmitri Pal
Rob Crittenden wrote:
> Use correct OID base for ipaVolumeKey (it's an objectClass, not an
> attribute).
>
> Re-number to use contiguous values. There were some pretty big gaps.
>
> rob
> 
>
> ___
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
Nack

Here are a couple of suggestions:
* Let us not add schema that we do not use and do not need. The policy
schema, though well designed, has not been implemented. There is a risk
that it would require some changes if ever implemented. I suggest we
keep it in the tree but not include in the install.
* The volume key management schema is not used either. I would suggest
we extract it and save in a file aside but do not add into the main
schema. As things stand now this schema will not be used.
* For v2 we should use only 3,4,5,6. 1 and are reserved for v1


So the things would look like in the attached files.
I have not had a chance to make sure they load but I hope I did not miss
anything.






-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.



## IPA Base OID:2.16.840.1.113730.3.8
##
## Attributes:  2.16.840.1.113730.3.8.3 - V2 base attributes
## ObjectClasses:   2.16.840.1.113730.3.8.4 - V2 base objectclasses
## Attributes:  2.16.840.1.113730.3.8.5 - V2 DNS related attributes
## ObjectClasses:   2.16.840.1.113730.3.8.6 - V2 DNS related objectclasses
##
dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.2 NAME 'ipaClientVersion' DESC 'Text string describing client version of the IPA software installed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.3 NAME 'enrolledBy' DESC 'DN of administrator who performed manual enrollment of the host' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.4 NAME 'enrollmentPwd' DESC 'Password used to bulk enroll machines' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.18 NAME 'fqdn' DESC 'FQDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.19 NAME 'managedBy' DESC 'DNs of entries allowed to manage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.44 NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.2 NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $ managedBy ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.3 NAME 'nestedGroup' DESC 'Group that supports nesting' SUP groupOfNames STRUCTURAL MAY memberOf X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.4 NAME 'ipaUserGroup' DESC 'IPA user group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.5 NAME 'ipaHostGroup' DESC 'IPA host group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'memberUser' DESC 'Reference to a principal that performs an action (usually user).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.6 NAME 'userCategory' DESC 'Additional classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.7 NAME 'memberHost' DESC 'Reference to a device where the operation takes place (usually host).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.8 NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.20 NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730.3.8.3.21
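
A check for the OID rules raised in this thread (attribute and objectClass definitions each in their own arc, only arcs 3, 4, 5 and 6 for v2, no reused or skipped numbers), as an added example that is not part of the original messages or of FreeIPA. The function name `audit_oids` and the sample entries `exampleKeyClass`, `exampleAttr` and `exampleDup` with their OIDs are constructed for illustration.

```python
import re
from collections import defaultdict

IPA_BASE = "2.16.840.1.113730.3.8"
# Arc per definition kind, from the header comment of the schema file above.
ALLOWED_ARCS = {"attributetypes": {3, 5}, "objectclasses": {4, 6}}
DEF_RE = re.compile(
    r"^(attributeTypes|objectClasses):\s*\(\s*([0-9.]+)\s+NAME\s+'([^']+)'", re.I)

def audit_oids(ldif):
    """Return sorted (issue, name, oid) findings for definitions under IPA_BASE."""
    findings, owner, leaves = [], {}, defaultdict(set)
    # LDIF folding: a newline followed by one space continues the previous line.
    for line in ldif.replace("\n ", "").splitlines():
        m = DEF_RE.match(line)
        if not m or not m.group(2).startswith(IPA_BASE + "."):
            continue  # not a definition, or an OID outside the IPA base
        kind, oid, name = m.group(1).lower(), m.group(2), m.group(3)
        parts = oid[len(IPA_BASE) + 1:].split(".")
        if len(parts) != 2 or not all(p.isdigit() for p in parts):
            findings.append(("malformed", name, oid))
            continue
        arc, leaf = int(parts[0]), int(parts[1])
        if arc not in ALLOWED_ARCS[kind]:
            findings.append(("wrong-arc", name, oid))
        if oid in owner:
            findings.append(("duplicate-of-" + owner[oid], name, oid))
        owner.setdefault(oid, name)
        leaves[arc].add(leaf)
    for arc, used in leaves.items():
        for missing in sorted(set(range(1, max(used) + 1)) - used):
            findings.append(("gap", "-", f"{IPA_BASE}.{arc}.{missing}"))
    return sorted(findings)

# Constructed sample: the first two definitions are adapted from the schema
# above; the example* names and OIDs are made up to trigger each check.
SAMPLE = """dn: cn=schema
attributeTypes: (2.16.840.1.113730.3.8.3.1 NAME 'ipaUniqueID' DESC 'Unique
  identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.4.1 NAME 'ipaHost' AUXILIARY MUST ( fqdn ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730.3.8.3.2 NAME 'exampleKeyClass' STRUCTURAL X-ORIGIN 'example' )
attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: (2.16.840.1.113730.3.8.3.5 NAME 'exampleDup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

if __name__ == "__main__":
    print(*audit_oids(SAMPLE), sep="\n")
```

Running such a check over schema files before they are installed catches an objectClass numbered from the attribute arc, which is the mistake the original patch set out to correct.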

Re: [Freeipa-devel] [PATCH] 449 renumber IPA schema OIDs

2010-05-21 Thread Rob Crittenden

Dmitri Pal wrote:
> Rob Crittenden wrote:
>> Use correct OID base for ipaVolumeKey (it's an objectClass, not an
>> attribute).
>>
>> Re-number to use contiguous values. There were some pretty big gaps.
>>
>> rob
>
> Nack
>
> Here are a couple of suggestions:
> * Let us not add schema that we do not use and do not need. The policy
> schema, though well designed, has not been implemented. There is a risk
> that it would require some changes if ever implemented. I suggest we
> keep it in the tree but not include in the install.
> * The volume key management schema is not used either. I would suggest
> we extract it and save in a file aside but do not add into the main
> schema. As things stand now this schema will not be used.
> * For v2 we should use only 3,4,5,6. 1 and are reserved for v1
>
> So the things would look like in the attached files.
> I have not had a chance to make sure they load but I hope I did not miss
> anything.


I made a few slight modifications but this is basically the set of files 
you provided. Updated patch attached.


rob


freeipa-449-2-schema.patch
Description: application/mbox

Re: [Freeipa-devel] [PATCH] 449 renumber IPA schema OIDs

2010-05-21 Thread Dmitri Pal
Rob Crittenden wrote:
> Dmitri Pal wrote:
>> Rob Crittenden wrote:
>>> Use correct OID base for ipaVolumeKey (it's an objectClass, not an
>>> attribute).
>>>
>>> Re-number to use contiguous values. There were some pretty big gaps.
>>>
>>> rob
>> Nack
>>
>> Here are a couple of suggestions:
>> * Let us not add schema that we do not use and do not need. The policy
>> schema, though well designed, has not been implemented. There is a risk
>> that it would require some changes if ever implemented. I suggest we
>> keep it in the tree but not include in the install.
>> * The volume key management schema is not used either. I would suggest
>> we extract it and save in a file aside but do not add into the main
>> schema. As things stand now this schema will not be used.
>> * For v2 we should use only 3,4,5,6. 1 and are reserved for v1
>>
>>
>> So the things would look like in the attached files.
>> I have not had a chance to make sure they load but I hope I did not miss
>> anything.
>
> I made a few slight modifications but this is basically the set of
> files you provided. Updated patch attached.
>
> rob
Visual ack.

-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.




[Freeipa-devel] [PATCH] 450 fixes for HBAC services

2010-05-21 Thread Rob Crittenden
Add the ipaUniqueID object to HBAC services and make sure that they get 
the memberOf attribute if they are members of service groups.


rob


freeipa-450-hbac.patch
Description: application/mbox

[Freeipa-devel] [PATCH] 451 fix i18n test

2010-05-21 Thread Rob Crittenden

Fix this test to work from source tree root

It would work if you ran the test from its location in tests/test_ipalib
but this isn't the most common method. If you want to run it individually
you can do:

$  ./make-test tests/test_ipalib/test_text.py

rob


freeipa-451-test.patch
Description: application/mbox