[Freeipa-devel] things to be stored
Simo Sorce
ssorce at redhat.com
Fri Nov 2 16:59:38 UTC 2007
On Fri, 2007-11-02 at 11:52 -0400, Rob Crittenden wrote:
> I could care less how the configuration is stored in LDAP, either as a
> extensibleObject or with its own schema, but here is the stuff I need
> stored somewhere:
>
> userSearchFields, a list of attributes e.g.
> uid,givenName,sn,telephoneNumber,ou,title
Do this need to be ordered? Or will a multivalued attribute suffices?
> searchTimeLimit, an integer, e.g. 2
>
> customFields, a set of tuple of the form (label, attribute, required).
> All are strings. required is a boolean but will contain "true" or
> "false". This needs to be extensible as at some point we'll add a
> validator as well, and who knows what else, maybe things to limit field
> length, min/max size, etc.
>
> The current hardcoded version, in python, looks like:
>
> schema = [
> { 'label': 'See Also',
> 'field': 'seeAlso',
> 'required': 'true', } ,
> { 'label': 'O O O',
> 'field': 'o',
> 'required': 'false', } ,
> ]
ok all these strings seem to have a well defined syntax, can you do it
with a multivalued attribute like?
IpaGuiCustomField: See Also$seeAlso$true
IpaGuiCustomField: My attribute$myAttr$false
Do they need to be ordered?
can $ be a valid value in a Label ?
> Another thing we need to think about is how I'll fetch this from the
> server. Currently all requests to the server need to be authenticated
> but it would probably be better performance-wise to grab this at startup
> time. So should we allow unauthenticated requests to the XML-RPC
> interface? Currently the whole thing requires SSL and kerberos.
The server itslef accepts anonymous connections, so we have 2 options I
guess:
1) let's permit anonymous searches on the IPA GUI conf container
2) let's give turbogear a keytab (it can probably just use the apache
keytab anyway) to access this information.
Simo.
More information about the Freeipa-devel
mailing list