[Freeipa-devel] [PATCH] initial Memberof checkin

[Pete Rowley]

Initial check in of memberof plugin.

Populates the memberof attribute of those entries that allow it with the 
DNs of the groupofuniquenames groups that consider the entry a member. 
Nested groups are supported.

The plugin requires to be the "owner" of the memberof attribute and so 
memberof must not be replicated (requires fractional replication) - it 
would be possible to replicate to a read only replica and not enable 
this plugin in that case. The plugin tries to do the minimum work for 
the particular operation, to be tolerant of asynchronous changes of 
state during an operation, and to be tolerant of inconsistent (e.g. 
mid-replicated) state in general.

TODO:

* move to a persistent queue model so that interrupted operations can be 
restarted
* add a task to fix up memberof for entries so that an existing dit can 
be initialized and to recover from any other situation that might leave 
memberof inconsistent with the correct state
* make sure we have equality indices set up for uniquemember and 
memberof types.
* possibly extend the group types supported (future)

-- 
Pete

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070810/8cd6119a/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070810/8cd6119a/attachment.bin>