[Freeipa-devel] Re: things to be stored
Simo Sorce
ssorce at redhat.com
Thu Nov 15 18:32:53 UTC 2007
On Tue, 2007-11-13 at 15:09 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > I could care less how the configuration is stored in LDAP, either as a
> > extensibleObject or with its own schema, but here is the stuff I need
> > stored somewhere:
> >
> > userSearchFields, a list of attributes e.g.
> > uid,givenName,sn,telephoneNumber,ou,title
> >
> > searchTimeLimit, an integer, e.g. 2
> >
> > customFields, a set of tuple of the form (label, attribute, required).
> > All are strings. required is a boolean but will contain "true" or
> > "false". This needs to be extensible as at some point we'll add a
> > validator as well, and who knows what else, maybe things to limit field
> > length, min/max size, etc.
> >
> > The current hardcoded version, in python, looks like:
> >
> > schema = [
> > { 'label': 'See Also',
> > 'field': 'seeAlso',
> > 'required': 'true', } ,
> > { 'label': 'O O O',
> > 'field': 'o',
> > 'required': 'false', } ,
> > ]
> >
> > Another thing we need to think about is how I'll fetch this from the
> > server. Currently all requests to the server need to be authenticated
> > but it would probably be better performance-wise to grab this at startup
> > time. So should we allow unauthenticated requests to the XML-RPC
> > interface? Currently the whole thing requires SSL and kerberos.
>
> Found some more things to store:
>
> - root of home directory (e.g. /home, /u, /export1/home, whatever)
> - default shell (going with /bin/bash by default)
> - default group that new users are automatically added to (ipausers by
> default)
This schema might do it:
http://simo.fedorapeople.org/ipa-config-schema.ldif
Rich I'd like a comment from you as well if you have time.
Simo.
More information about the Freeipa-devel
mailing list