[Freeipa-devel] Re: things to be stored

Rich Megginson rmeggins at redhat.com
Thu Nov 15 18:41:00 UTC 2007 

Simo Sorce wrote:
> On Tue, 2007-11-13 at 15:09 -0500, Rob Crittenden wrote:
>   
>> Rob Crittenden wrote:
>>     
>>> I could care less how the configuration is stored in LDAP, either as a 
>>> extensibleObject or with its own schema, but here is the stuff I need 
>>> stored somewhere:
>>>
>>> userSearchFields, a list of attributes e.g. 
>>> uid,givenName,sn,telephoneNumber,ou,title
>>>
>>> searchTimeLimit, an integer, e.g. 2
>>>
>>> customFields, a set of tuple of the form (label, attribute, required). 
>>> All are strings. required is a boolean but will contain "true" or 
>>> "false". This needs to be extensible as at some point we'll add a 
>>> validator as well, and who knows what else, maybe things to limit field 
>>> length, min/max size, etc.
>>>
>>> The current hardcoded version, in python, looks like:
>>>
>>>         schema = [
>>>           { 'label': 'See Also',
>>>             'field': 'seeAlso',
>>>             'required': 'true', } ,
>>>           { 'label': 'O O O',
>>>             'field': 'o',
>>>             'required': 'false', } ,
>>>         ]
>>>
>>> Another thing we need to think about is how I'll fetch this from the 
>>> server. Currently all requests to the server need to be authenticated 
>>> but it would probably be better performance-wise to grab this at startup 
>>> time. So should we allow unauthenticated requests to the XML-RPC 
>>> interface? Currently the whole thing requires SSL and kerberos.
>>>       
>> Found some more things to store:
>>
>> - root of home directory (e.g. /home, /u, /export1/home, whatever)
>> - default shell (going with /bin/bash by default)
>> - default group that new users are automatically added to (ipausers by 
>> default)
>>     
>
>
> This schema might do it:
> http://simo.fedorapeople.org/ipa-config-schema.ldif
>
> Rich I'd like a comment from you as well if you have time.
>   
Looks good.  It looks similar to the DUA Config Profile schema - 
http://tools.ietf.org/html/rfc4876
> Simo.
>
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071115/2a651cb7/attachment.bin>

More information about the Freeipa-devel mailing list