[Freeipa-devel] [PATCHES] 0080-0081 Add userClass attributes for users and hosts

Ana Krivokapic akrivoka at redhat.com
Tue Nov 12 12:27:53 UTC 2013


On 10/30/2013 09:56 PM, Martin Kosek wrote:
> ----- Original Message -----
>> From: "Simo Sorce" <simo at redhat.com>
>> To: "Ana Krivokapic" <akrivoka at redhat.com>
>> Cc: "Martin Kosek" <mkosek at redhat.com>, "freeipa-devel" <freeipa-devel at redhat.com>
>> Sent: Wednesday, October 30, 2013 7:11:20 PM
>> Subject: Re: [Freeipa-devel] [PATCHES] 0080-0081 Add userClass attributes for users and hosts
>>
>> On Wed, 2013-10-30 at 19:01 +0100, Ana Krivokapic wrote:
>>> On 10/29/2013 02:04 PM, Simo Sorce wrote:
>>>> On Tue, 2013-10-29 at 12:42 +0100, Martin Kosek wrote:
>>>>> On 10/29/2013 10:49 AM, Ana Krivokapic wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Patch 0080 adds userClass attribute for users to IPA CLI.
>>>>>> Patch 0081 adds userClass attribute for users and hosts to the web UI.
>>>>>>
>>>>>> Design page:
>>>>>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>>>>>>
>>>>>> Tickets:
>>>>>> https://fedorahosted.org/freeipa/ticket/3588
>>>>>> https://fedorahosted.org/freeipa/ticket/3590
>>>>> NACK to just extending posixAccount objectclass. This is a standard objectclass
>>>>> defined by RFC 2307 and we cannot just simply extend and overwrite it as we wish.
>>>> Uhh indeed this is a big No-no.
>>>>
>>>>> We will need to come up with some custom objectclass, like ipaUser. This is the
>>>>> reason why I wrote to ticket "A second goal of this ticket is to review current
>>>>> objectClass hierarchy of users and do changes if needed." so that we can pick
>>>>> the best option where to place it.
>>>> userClass is used in ipaHost, so I guess it could instead be added to an
>>>> ipa objectclass. ipaObject might be used perhaps, otherwise we'll need a
>>>> new ipaUser objectclass.
>>>>
>>>> Simo.
>>>>
>>> If there are no objections to using the ipaObject objectclass, the attached
>>> patches implement this approach.
>> After some thinking ipaObject is more generic than just users, not sure
>> that attaching userClass there is appropriate. I think we really need
>> ipaUser at this point.
> +1. I also do not think that ipaObject is the right OC to place the attribute, it is just too general.
>
> Let's go with the ipaUser objectClass, looking something like that:
>
> ( <OID> NAME 'ipaUser' AUXILIARY MUST ( uid ) MAY ( userClass ) X-ORIGIN 'IPA v3' )
>
> We will need to add the OC when needed, we cannot just add it to default list. Ideally, we could also implement
> https://fedorahosted.org/freeipa/ticket/3922
> in scope of this effort as this need to add additional OCs is piling up.
>
> Martin

This implementation introduces a new objectclass 'ipaUser'.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0080-03-Add-userClass-attribute-for-users.patch
Type: text/x-patch
Size: 13437 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131112/f489d697/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-akrivoka-0081-02-WebUI-Add-userClass-attribute-to-user-and-host-pages.patch
Type: text/x-patch
Size: 2223 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131112/f489d697/attachment-0001.bin>
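
The "add the OC when needed" approach discussed in the thread, as an added sketch that is not part of the original message or of the attached FreeIPA patches: it parses the proposed `ipaUser` definition and plans the modifications needed to set `userClass` on an existing entry. The function names, the `(op, attr, values)` tuple format and the sample entry are assumptions made for illustration.

```python
import re

# Definition exactly as proposed in the thread; <OID> is the thread's placeholder.
IPAUSER_DEF = ("( <OID> NAME 'ipaUser' AUXILIARY MUST ( uid ) "
               "MAY ( userClass ) X-ORIGIN 'IPA v3' )")

def parse_objectclass(definition):
    """Pull name, kind and MUST/MAY attribute lists out of an RFC 4512 description."""
    def attrs(keyword):
        m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|(\S+))", definition)
        raw = next(g for g in m.groups() if g is not None) if m else ""
        return [a.strip() for a in raw.split("$") if a.strip()]
    return {
        "name": re.search(r"NAME\s+'([^']+)'", definition).group(1),
        "kind": re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", definition).group(1),
        "must": attrs("MUST"),
        "may": attrs("MAY"),
    }

def plan_mods(entry, attr, values, oc):
    """Hypothetical helper: modifications that set `attr` on `entry`, adding the
    auxiliary objectclass only if the entry does not already carry it."""
    if attr.lower() not in {a.lower() for a in oc["must"] + oc["may"]}:
        raise ValueError(f"{oc['name']} does not allow {attr}")
    # Attribute names and objectclass names compare case-insensitively in LDAP.
    lower = {k.lower(): v for k, v in entry.items()}
    missing = [a for a in oc["must"] if not lower.get(a.lower())]
    if missing:
        raise ValueError("entry lacks MUST attribute(s): " + ", ".join(missing))
    mods = []
    if oc["name"].lower() not in {c.lower() for c in lower.get("objectclass", [])}:
        mods.append(("add", "objectClass", [oc["name"]]))
    mods.append(("replace", attr, list(values)))
    return mods

IPAUSER = parse_objectclass(IPAUSER_DEF)

# Constructed sample entry: a user created before the new objectclass existed.
legacy_user = {"uid": ["jdoe"], "objectClass": ["top", "person", "posixAccount"]}

if __name__ == "__main__":
    for mod in plan_mods(legacy_user, "userClass", ["provisioned"], IPAUSER):
        print(mod)
```
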

