[Freeipa-devel] Proposal about ACI management in IPA v2

[Simo Sorce]

On Sun, 10 Oct 2010 23:27:33 -0400
Dmitri Pal <dpal at redhat.com> wrote:

> Actually the whole thing was inspired by the ACI UI from the LDAP book
> that is based on Netscape DS.
> Rob you say "What it lacks is a way to *output* an aci so it can be
> easily represented in a UI or on the command line. That is where our
> focus should be." But I do not understand what the problem is. You
> either have to display a raw ACI or some abstraction. But how you map
> the abstraction that you need to show to the raw ACI you have in the
> system? I was trying to solve exactly this problem. And I really do
> not see a way to do it differently. Do you?

The strongest objection is against creating a new LDAP object to hold a
duplicate of the ACIs. And I fully agree with the objection we do not
need duplicates in the Directory. Especially since parsing the object
is already done in the code, so the "objectified" form is not an issue.

Rob, what about creating a hash table per ACI that has named attributes
for each component of the ACI ? Would that be easier to pass to the UI ?
To we have a way to pass arrays of hash tables ? (each element of the
array is an ACI in hash table format).

Would this actually help at all? Or would it be too complex for the UI
to interpret ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York