[Freeipa-devel] "Commit comments log" functionality in IPA

Rich Megginson rmeggins at redhat.com
Fri Nov 7 15:23:25 UTC 2008 

Dmitri Pal wrote:
> Sumit Bose wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> here are my 0.02$
>>
>> - - for the policies it would be possible to have the commit comments
>> inside the XML file, like
>> <commit><comment>...</comment><comment>...</comment></commit>.
>>
>>   
>
> Why do we need the comments inside the policy itself? Comments inside 
> the policy do not male much sense to me.
> The policies are sent to the clients. So comments would be extraneous 
> information that will be sent to clients for no value.
> It will also cause more replication since policies a compressed XMLs. 
> Change to a comment will trigger the update of the whole attribute.
> I was thinking to have the comments stored in the object that is a 
> link to the policy.
> I think they belong there as a part of an entry or a child entry (as 
> you suggested), if put into DS at all.
> We also have description attribute of the link so some comments can be 
> put there.
>
>> - - although I have not made up my mind if I like the idea of storing 
>> the
>> commit comments in the DS or not, I would suggest to think about storing
>> the data not in a multi value attribute of the object, but in child
>> objects with an own objectclass. Then you can store who and when and
>> what into specific attributes where it would be easy to search or select
>> specific data.
>>   
> Nathan, Rich. Is it a better approach from a pure technical angle?
That would give you a lot more flexibility in terms of schema, indexing, 
sorting, searching, etc.  And the comments would still be associated 
with the data, although not as tightly coupled.

Minuses:
* comments not included directly with the data - not as tightly coupled 
as having the comments in the same entry as the data - operations to the 
same entry in LDAP are atomic, but operations to multiple entries are 
not atomic (we have no LDAP transactions)
* the sub-entries might turn up in subtree searches, which may confuse 
some applications - we might be able to "hide" these entries by making 
them a subclass of ldapSubEntry objectclass - then you would only see 
them if you ask for them explicitly
* more data to manage - larger databases, indexes, more entries, etc.
>
>
>> bye,
>> Sumit
>>
>>   
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

More information about the Freeipa-devel mailing list