[Freeipa-devel] [PATCH] command-line delegation
Kevin McCarthy
kmccarth at redhat.com
Thu Oct 25 16:52:29 UTC 2007
Kevin McCarthy wrote:
> Simo Sorce wrote:
> > On Thu, 2007-10-25 at 09:41 -0700, Kevin McCarthy wrote:
> > > Simo Sorce wrote:
> > > > On Thu, 2007-10-25 at 11:49 -0400, Rob Crittenden wrote:
> > > > >
> > > > > That's easy then because all ACI's are currently going into the same
> > > > > location on the tree: cn=accounts.
> > > >
> > > > We already have ACIs elsewhere, are we limiting this at the RPC level ??
> > > > Or is this just a GUI limitation?
> > >
> > > This is just the direction Pete provided to me. Right now, the API and
> > > GUI are written to edit just here.
> >
> > Would it be difficult to modify the RPC API to add a dn parameter ?
>
> Well, the idea behind it was to hide the need for the client to "know"
> about the specific DN that contains the ACI's in order to edit them. We
> can change this assumption, but I'd rather get Pete involved in that
> discussion first, since his ideas were what I was going on. (And I think
> there are a lot of conflicting ideas about ACI's within the team).
Also, replying to myself, there is an API call get_entry_by_dn - so
nothing prevents a client from using that directly to retrieve a
different entry in the tree and directly manipulate the ACIs.
-Kevin