[Freeipa-devel] Proposed changes to the HBAC grammar

Stephen Gallagher sgallagh at redhat.com
Thu Nov 18 21:02:11 UTC 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/18/2010 09:55 AM, Dmitri Pal wrote:
> Steve can you summarize where we are and what we agreed to, please, and
> identify the questions that we need to answer.


Simo, Adam and I had a long discussion on IRC regarding the time rules
today (complete log attached).

The short version is that we're going to continue (mostly) with the
current grammar for the time rules, with a few changes.

1) We need to replace week-of-the-month with day-of-the-septet. This day
should not be a range or multi-valued to eliminate confusion
2) We need to replace the time range with a duration
3) We should add startDate and endDate as attributes on the HBAC object
(separate from the accessTime). I propose these should be in LDAP
generalizedTime so that it's possible to construct filters around them.
This effectively sets the beginning and end of a periodic schedule.


I've drawn up a new grammar definition and published it to the SSSD wiki
(not currently linked from anywhere):
https://fedorahosted.org/sssd/wiki/HBAC_Grammar

Please review and give feedback.


- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzllFMACgkQeiVVYja6o6PNIwCfQeLMCrWS0dW3t+pD8raTJ7d5
/7oAmwUAFMY1XAb289ysIGzSq3sPMjJF
=a0mt
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hbac_timerules_discussion.txt
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101118/1d30420f/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hbac_timerules_discussion.txt.sig
Type: application/pgp-signature
Size: 72 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101118/1d30420f/attachment.sig>

More information about the Freeipa-devel mailing list