[Freeipa-devel] [Update] Time-Based Account Policies

Stanislav Laznicka slaznick at redhat.com
Fri Aug 21 09:26:49 UTC 2015


Hi all,

I have been working on the changes regarding the time-based policies 
that were proposed earlier this month on this mailing list. The minor 
change was the addition of the 'dayofyear' and 'weekofyear' language 
keywords and their functionality. A rather major change was the addition 
of a behavior similar to the one of the iCalendar recurrence rules.

The minor change is obvious, let me elaborate on the bigger one. It was 
implemented as I proposed earlier on this list. Language-wise, it works 
like this:

repeat=<date1>[-<date2>]+<num><type>

where <dateX> takes the form of YYYYMMDD, date1 is the starting date, 
date2 is the ending date and is optional. The <num> after '+' denotes 
the length of each repetition and <type> is one of d/w/m/y which stands 
for daily/weekly/monthly/yearly. Therefore, "+1d" means every day (from 
the starting day), "+2w" every other week etc.

The limits set by the 'repeat' keyword can be extended/limited similarly 
as in iCalendar using the current language, e.g. 'dayofweek' can be used 
to extend ranges in weekly/monthly/yearly from one certain day in 
week/month/year for a set of these days but it limits the days 
applicable in daily mode. For more information, see either 
http://tools.ietf.org/html/rfc5545#section-3.3.10 or, preferably, the 
code (sssd - 0004 patch, the check_repeat function).

I should also mention that the COUNT feature from iCalendar is not 
implemented for reasons I stated in my last mail 
(https://www.redhat.com/archives/freeipa-devel/2015-August/msg00075.html).

I would also like to ask someone from SSSD to have at least a brief look 
at the code I am posting now, especially the changes in patches 1, 2 and 
4. I wonder if I should make a separate post on sssd-devel for that.

If you have any notes or suggestions on the current state of the time 
rules, please let me know.

Many thanks,
Standa Laznicka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-stlaz-0001-Added-time-based-policies-types-to-LDAP-schema.patch
Type: text/x-patch
Size: 3072 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-stlaz-0002-Added-methods-for-setting-time-based-policies.patch
Type: text/x-patch
Size: 31309 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-stlaz-0003-Created-basic-UI-for-setting-time-policies-at-HBAC-r.patch
Type: text/x-patch
Size: 17682 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-stlaz-0004-Added-the-repeat-keyword.patch
Type: text/x-patch
Size: 4215 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd-stlaz-0001-Added-caching-of-time-policies-for-IPA-HBAC-rules.patch
Type: text/x-patch
Size: 11566 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd-stlaz-0002-Added-evaluation-of-time-policies-in-HBAC-objects.patch
Type: text/x-patch
Size: 21959 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd-stlaz-0003-Added-Python-bindings-for-FreeIPA-time-policies.patch
Type: text/x-patch
Size: 34653 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sssd-stlaz-0004-IPA-Added-the-repeat-keyword-functionality.patch
Type: text/x-patch
Size: 25696 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150821/a10bf8be/attachment-0007.bin>
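
An added example, not part of the original mail or of the FreeIPA/SSSD patches: a strict Python parser for the repeat=<date1>[-<date2>]+<num><type> syntax described in the message, plus a matcher for the base rule only. The matching semantics (a date matches when it lies a whole number of <num> periods after date1, in the iCalendar style) and the names parse_repeat, Repeat and matches are assumptions; the interaction with 'dayofweek' and the other keywords is not modelled. Malformed rules are rejected rather than evaluated, since they gate access decisions.

```python
import re
from datetime import date, datetime
from typing import NamedTuple, Optional

# Grammar from the mail: repeat=<date1>[-<date2>]+<num><type>, dates as YYYYMMDD.
_RULE = re.compile(r"repeat=([0-9]{8})(?:-([0-9]{8}))?\+([0-9]+)([dwmy])")


class Repeat(NamedTuple):
    start: date
    end: Optional[date]
    num: int
    unit: str


def parse_repeat(text: str) -> Repeat:
    """Parse one repeat rule strictly; any malformed rule raises ValueError."""
    m = _RULE.fullmatch(text)
    if m is None:
        raise ValueError(f"malformed repeat rule: {text!r}")
    # strptime rejects impossible dates such as 20150231.
    start = datetime.strptime(m.group(1), "%Y%m%d").date()
    end = datetime.strptime(m.group(2), "%Y%m%d").date() if m.group(2) else None
    num = int(m.group(3))
    if num == 0:
        # A zero-length repetition would mean a modulo by zero in matches().
        raise ValueError("repetition length must be at least 1")
    if end is not None and end < start:
        raise ValueError("ending date precedes starting date")
    return Repeat(start, end, num, m.group(4))


def matches(rule: Repeat, day: date) -> bool:
    """Assumed semantics: day is a whole number of periods after rule.start."""
    if day < rule.start or (rule.end is not None and day > rule.end):
        return False
    if rule.unit in "dw":
        step = rule.num * (7 if rule.unit == "w" else 1)
        return (day - rule.start).days % step == 0
    years = day.year - rule.start.year
    if rule.unit == "y":
        same_day = (day.month, day.day) == (rule.start.month, rule.start.day)
        return same_day and years % rule.num == 0
    # Monthly: same day of month, whole number of <num>-month steps.
    months = years * 12 + day.month - rule.start.month
    return day.day == rule.start.day and months % rule.num == 0
```

Under these assumed semantics, a monthly rule starting on the 31st skips months that have no 31st, which is also how RFC 5545 treats invalid dates.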
