[Freeipa-devel] [PATCH] 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin

Rob Crittenden rcritten at redhat.com
Wed Aug 3 14:32:53 UTC 2011


JR Aquino wrote:
> On Aug 2, 2011, at 5:55 AM, "Rob Crittenden"<rcritten at redhat.com>  wrote:
>> JR Aquino wrote:
>>>
>>> I am fairly opposed to removing 'default' attrs which the rules are applied to...  I am happy to provide a means to override them.
>>>
>>> While it may be second nature for all of us to know that there is an fqdn attribute, etc, our consumers are likely not going to intrinsically know our schema.  We also deliberately mask the real attribute names in the framework. (fqdn = Host name)
>>>
>>> Providing a default feels like a happy medium which allows for ease of use and somewhat of a safety belt against users defining an incorrect attribute name.
>>>
>>> It also might get somewhat tiring to constantly provide --key=fqdn every time you add a hostname regex?
>>
>> Ok, but when you display rules fqdn is displayed. How are users to know
>> they shouldn't include fqdn= when removing existing rules?
>
> I guess my preference would be to heavily document, in the example, the plugin, and the docs...
>
> My concern is that without a default, a typo in the attr would produce unintended results.  Without a schema checker, it's kinda tough to take an attr at face value from a user.  Does the python ldap implementation have a means to check schema in order to verify an attribute?
>
> The design of the automember plugin having the attr in the Regex does make for some complexity....
>

We do have a schema checker. You can test for existence of an attribute 
with something like:

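import ldap as _ldap

# `ldap` below is presumably the framework's LDAP backend connection object,
# not the python-ldap module (which is imported here as _ldap)
obj = ldap.schema.get_obj(_ldap.schema.AttributeType, attr)
if obj is None:
    # Error, no such attribute (placeholder exception)
    raise ValueError('no such attribute: %s' % attr)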
rob
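
An added example, not part of the thread or of the FreeIPA code base, showing the check discussed above: apply a default key, accept the displayed `attr=regex` form, and reject a key the schema does not define. It reads attribute names from constructed attributeTypes strings with the standard library rather than python-ldap's schema object so that it runs without a directory server; `attribute_names`, `normalize_rule`, `DEFAULT_KEY` and the sample definitions are hypothetical.

```python
import re

# Constructed sample of attributeTypes values from a subschema entry
# (RFC 4512 syntax). The OID on the fqdn line is a placeholder.
SAMPLE_ATTRIBUTE_TYPES = [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch )",
    "( 1.1.1.1 NAME 'fqdn' EQUALITY caseIgnoreIA5Match )",
]
DEFAULT_KEY = "fqdn"  # assumption: the default key discussed in the thread

_NAME = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
_DESCR = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")  # RFC 4512 attribute descriptor


def attribute_names(definitions):
    """Return every NAME and alias in the definitions, lower-cased."""
    names = set()
    for definition in definitions:
        match = _NAME.search(definition)
        if match is None:
            continue  # attribute type published by OID only
        single, several = match.groups()
        found = [single] if single else re.findall(r"'([^']+)'", several)
        names.update(name.lower() for name in found)
    return names


def normalize_rule(text, known, key=None):
    """Return 'attr=regex' or raise ValueError for an attribute not in the schema.

    Hypothetical helper: accepts a bare regex (default key applied) or the
    'attr=regex' form in which rules are displayed.
    """
    if key is None:
        prefix, sep, rest = text.partition("=")
        if sep and _DESCR.match(prefix):
            key, text = prefix, rest  # caller typed the displayed form
        else:
            key = DEFAULT_KEY
    if key.lower() not in known:
        raise ValueError("no such attribute: %s" % key)
    return "%s=%s" % (key, text)


KNOWN = attribute_names(SAMPLE_ATTRIBUTE_TYPES)
```

A mistyped prefix such as `fqnd=^web` is rejected instead of being stored as part of the expression under the default key.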
