[Fedora-directory-users] Ideas for fds

David Boreham david_list at boreham.org
Mon Jun 13 03:06:05 UTC 2005


> From what I remember, that vpn server searched for the user's dn in
> uniquemember to find a template entry, and the above is what it is 
> expecting to find.  How would I set up Roles and CoS entries that 
> would work without changing the app (is that possible)?  Can I set up 
> Roles/CoS that would populate the uniquemember attribute of the 
> vpntemplate entry?  Is that searchable (if I remember correctly, early 
> versions of CoS didn't allow you to search on cos populated 
> attributes, later versions might have, and I'm not sure where in that 
> line FDS is).

Yeah, I don't know about this. I was more interested in the semantics of the
checkpoint application behavior, which I think are easily implemented with
role-based cos (the end result is that the user entry has the necessary vpn
cruft on it directly, with no need to indirect to the template entry at 
the client end).

If an existing application can be made to simply fetch its per-user parameters
from attributes on the user's entry, then roles/cos will work fine.

I have no idea what proportion of deployed applications can do this,
but it seems simpler and easier than indirection via a group that acts as
a template entry. I would _hope_ that an application that supports the
fancy 'indirect via a group' thing, would also support the very simple
'read some attribute values from the user's entry' model too.
Whether or not that's a reasonable thing to hope for, I'm not sure
these days.

Just to be clear: I don't expect (nor require) that there are any
applications that 'support' roles. All the applications need to do
is to support regular ldap attributes on the user entries.
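
The role-based CoS arrangement described in the message above, as an added example that is not part of the original post: a managed role plus a classic CoS definition, in the form used by Fedora/389 Directory Server. The suffix dc=example,dc=com, the entry names, the user jdoe and the attribute vpnPolicy are hypothetical; vpnPolicy is assumed to be defined in the server schema.

```ldif
# Managed role: a user is a member when its entry carries an nsRoleDN
# value pointing at this role entry.
dn: cn=vpnUsers,ou=People,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsSimpleRoleDefinition
objectclass: nsManagedRoleDefinition
cn: vpnUsers
description: users who receive the VPN parameters

# Classic CoS definition: cosSpecifier names the attribute on the user
# entry (here the computed nsRole attribute) whose value selects a
# template entry underneath cosTemplateDn.
dn: cn=vpnCoS,ou=People,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: cosSuperDefinition
objectclass: cosClassicDefinition
cn: vpnCoS
cosTemplateDn: cn=vpnTemplates,ou=People,dc=example,dc=com
cosSpecifier: nsRole
cosAttribute: vpnPolicy

# Template for members of the role above. Its RDN is the role DN, so the
# server can match it against the nsRole value of each user entry.
# vpnPolicy is a hypothetical attribute with a constructed value.
dn: cn="cn=vpnUsers,ou=People,dc=example,dc=com",cn=vpnTemplates,ou=People,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: extensibleObject
objectclass: cosTemplate
vpnPolicy: constructed-policy-value

# Membership: the only change made to the user entry itself.
dn: uid=jdoe,ou=People,dc=example,dc=com
changetype: modify
add: nsRoleDN
nsRoleDN: cn=vpnUsers,ou=People,dc=example,dc=com
```

With these entries in place, reading uid=jdoe returns vpnPolicy as if it were stored on the user entry, with no lookup of a template entry by the client. Write access to nsRoleDN should be restricted with ACIs, since adding that value to an entry is what grants the VPN parameters.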




