[Freeipa-devel] "Commit comments log" functionality in IPA
Rich Megginson
rmeggins at redhat.com
Fri Nov 7 15:23:25 UTC 2008
Dmitri Pal wrote:
> Sumit Bose wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> here are my 0.02$
>>
>> - - for the policies it would be possible to have the commit comments
>> inside the XML file, like
>> <commit><comment>...</comment><comment>...</comment></commit>.
>>
>>
>
> Why do we need the comments inside the policy itself? Comments inside
> the policy do not male much sense to me.
> The policies are sent to the clients. So comments would be extraneous
> information that will be sent to clients for no value.
> It will also cause more replication since policies a compressed XMLs.
> Change to a comment will trigger the update of the whole attribute.
> I was thinking to have the comments stored in the object that is a
> link to the policy.
> I think they belong there as a part of an entry or a child entry (as
> you suggested), if put into DS at all.
> We also have description attribute of the link so some comments can be
> put there.
>
>> - - although I have not made up my mind if I like the idea of storing
>> the
>> commit comments in the DS or not, I would suggest to think about storing
>> the data not in a multi value attribute of the object, but in child
>> objects with an own objectclass. Then you can store who and when and
>> what into specific attributes where it would be easy to search or select
>> specific data.
>>
> Nathan, Rich. Is it a better approach from a pure technical angle?
That would give you a lot more flexibility in terms of schema, indexing,
sorting, searching, etc. And the comments would still be associated
with the data, although not as tightly coupled.
Minuses:
* comments not included directly with the data - not as tightly coupled
as having the comments in the same entry as the data - operations to the
same entry in LDAP are atomic, but operations to multiple entries are
not atomic (we have no LDAP transactions)
* the sub-entries might turn up in subtree searches, which may confuse
some applications - we might be able to "hide" these entries by making
them a subclass of ldapSubEntry objectclass - then you would only see
them if you ask for them explicitly
* more data to manage - larger databases, indexes, more entries, etc.
>
>
>> bye,
>> Sumit
>>
>>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
More information about the Freeipa-devel
mailing list