[Freeipa-devel] [PATCH 0072] Provide ipa-client-advise tool

Tomas Babej tbabej at redhat.com
Wed Jun 19 18:37:55 UTC 2013 

On 06/19/2013 08:30 PM, Rob Crittenden wrote:
> Tomas Babej wrote:
>> [big snip]
>>
>> Providing new version which should address mentioned issues:
>>    - advice plugins now inherit directly from Plugin, initial approach
>> via Method class was abandoned
>>    - new Namespace api.Advice collects all the advice plugins
>>    - tool renamed to ipa-advise to express a more general use case
>>
>> Additional improvements:
>>    - keywords are now generated out of Advice class's name, where
>> underscores are replaced by hyphens
>>    - rewritten the example plugin in the docs, and provided more
>> information there
>>    - instead of --setup option to provide configuration, ipa-advise
>> takes one positional argument
>>    - renamed to ipa-advise
>>
>> Concerns:
>>    - man page might need more improvements
>>
>> I'll craft a design page for plugin authors, might be useful, even if
>> the info is in the package docs.
>>
>> -----------------------------------------------
>> Here's a little preview:
>>
>> [tbabej at vm-001 ~]$ sudo ipa-advise fedora-authconfig
>> ------------------------------------------------------------------------------------------------ 
>>
>>
>> Authconfig instructions for configuring Fedora 18/19 client with IPA
>> server without use of SSSD.
>> ------------------------------------------------------------------------------------------------ 
>>
>>
>> /sbin/authconfig --enableldap --ldapserver=vm-001.idm.com
>> --enablerfc2307bis --enablekrb5
>>
>> [tbabej at vm-001 ~]$ sudo ipa-advise fedora-authconfig4
>> invalid 'setup': No instructions are available for 'fedora_authconfig4'.
>> See the list of available configuration advices using the --list option.
>>
>> [tbabej at vm-001 ~]$ sudo ipa-advise
>> -------------------------
>> List of available advices
>> -------------------------
>>      fedora-authconfig : Authconfig instructions for configuring Fedora
>> 18/19 client with IPA server without use of SSSD.
>
> If it's just providing advise why does it need root access? Or is it 
> expected to provide advise based on current configuration?
>
> rob
>
Original purpose I had in mind was to provide an option for plugin 
authors to connect via autobind to the LDAP.

Now there's also a option of using our api commands, e.g. to read 
trust-related information out of the tree. However some parts of the 
tree are not exposed, so if some plugin needs to access information, 
about replica topology for example, I guess they would need to use this 
approach.

Tomas

More information about the Freeipa-devel mailing list