[Freeipa-devel] "Commit comments log" functionality in IPA

Sumit Bose sbose at redhat.com
Fri Nov 7 16:55:43 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dmitri Pal schrieb:
> 
>>>>  
>>> Nathan, Rich. Is it a better approach from a pure technical angle?
>> That would give you a lot more flexibility in terms of schema,
>> indexing, sorting, searching, etc.  And the comments would still be
>> associated with the data, although not as tightly coupled.
>>
>> Minuses:
>> * comments not included directly with the data - not as tightly
>> coupled as having the comments in the same entry as the data -
>> operations to the same entry in LDAP are atomic, but operations to
>> multiple entries are not atomic (we have no LDAP transactions)
>> * the sub-entries might turn up in subtree searches, which may confuse
>> some applications - we might be able to "hide" these entries by making
>> them a subclass of ldapSubEntry objectclass - then you would only see
>> them if you ask for them explicitly
>> * more data to manage - larger databases, indexes, more entries, etc.
>>>
> Thanks Rich. I am still struggling with understanding why we would need
> search and indexing capabilities for these comments. With generic

To be able to search for dates or user could have benefits with respect to:
- - Configuration management: if something broke and I knew it works a
week ago, I can search for changes happen during last week and with the
comments I can hopefully see which change broke my system.
- - Security/Audit: if the account of an administration was compromised I
can check what changes were made under this account

> ordered attribute we probably need. But with comments we do not. As I
> see the use case one would be interested in commit comments for an entry
> in general and would not want to search an entry in the DS that
> contained some special string (for example ticket number) by that
> string. The case is the reverse. I have the entry and what to know how
> its evolution was authorized.
> 
> I guess I am struggling with comparing the benefits of this approach and
> minuses to the mine original proposal. One of the reasons I can't assess
> the amount of work.
> I will think more about it. It seems a bit too heavy but one would argue
> that plugins are too heavy. May be. That is why I need to give it a try
> and play with it more.
> 
> 
> Thanks
> Dmitri

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkUcwsACgkQUDGHpI6P4rr/EQCgkP0hncDRHugCRrJ6xSslMSBL
+YoAoPDqr2+1rp1SZhbNdEIT46gnPTrJ
=LcP4
-----END PGP SIGNATURE-----

More information about the Freeipa-devel mailing list