[Freeipa-devel] [PATCH] 017 ACI plugin supports prefixes

Dmitri Pal dpal at redhat.com
Wed Jan 26 15:36:54 UTC 2011


Martin Kosek wrote:
> On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote:
>   
>> I took a quick look.
>>
>> Rob, I thought that there are different APIs for self and delegation. Is
>> this the case?
>> ipa permission-... functions should never deal with self service or
>> delegation acis
>> They are just for the permission ACIs connected to the target groups.
>> I do not think this is the right approach.
>> The prefix is needed but it should be automatically added if you use this
>> interface.
>>     
>
> Well, this patch ensures that permission-* functions will not deal with
> selfservice or delegation ACIs. Each of these plugins has its own prefix
> (e.g. "permission:" or "delegation:") which is added to the underlying
> ACI name.
>
> Because of this, the Permission, Selfservice and Delegation plugins work
> only with ACIs with "their" prefix. The prefix is not visible to the user; it
> is passed to ACI functions automatically by Permission, Delegation and
> Selfservice plugins.
>
>   

 
  Add an entirely new kind of record to IPA that isn't covered by any of the --type options, creating a permission:
-   ipa permission-add  --permissions=add --subtree="cn=*,cn=orange,cn=accounts,dc=example,dc=com" --desc="Add Orange Entries" add_orange
+   ipa permission-add  --permissions=add --subtree="cn=*,cn=orange,cn=accounts,dc=example,dc=com" --desc="Add Orange Entries" --prefix=none add_orange
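
Review bot: the `--prefix=none` added on the `+` line puts the ACI prefix on the `ipa permission-add` command line, so a caller of the permission interface can choose a prefix other than the permission one, which works against keeping the permission-* commands away from selfservice and delegation ACIs. Suggest dropping the option from this user-facing example and letting the permission plugin supply its own prefix internally. If the option stays, the example should say what the value `none` means for the resulting ACI name, since nothing in the lines shown explains it.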

This change exposes the prefix on the command line which means you can
manage ACIs with different prefixes.
Do I misread it?

> Martin


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

