[Freeipa-devel] [Patch] Re-base memberOf plug-in off of current FDS memberOf plug-in
Nathan Kinder
nkinder at redhat.com
Fri Jul 18 15:59:03 UTC 2008
Rob Crittenden wrote:
> Nathan Kinder wrote:
>> This fixes many, many issues with the memberOf plug-in.
>>
>> -NGK
>>
>>
>
> Wow, a lot to go through. I think I grok most of this.
>
> A couple of comments/questions.
>
> Most of the functions are renamed in a more generic way, I'm presuming
> to make it easier to keep in sync with the FDS version of the plugin,
> right?
Yes. I want to make it as easy as possible to diff between the IPA and
FDS memberOf plug-in code. This should help in any future fix porting work.
>
> But some functions weren't renamed, ipamo_postop_init() for one. Do we
> want to go ahead and do that?
This one function is the entry function for the plug-in. The
configuration entry in dse.ldif has an attribute with this function name
that is used to load the plug-in. I didn't want to do anything that
required us to change the configuration entry since we'd need to handle
making those changes during an upgrade.
>
> Some comment blocks look really strange in the patch too:
>
> - * Online tasks interface (to support import, export, etc)
> - * After some cleanup, we could consider making these public.
> - */
> + * * Online tasks interface (to support import, export, etc)
> + * * After some cleanup, we could consider making these public.
> + * */
That's caused by vim trying to be smart. We can clean those up.
>
> What is the purpose of dont_allow_that()?
The FDS memberof plug-in allows dynamic configuration changes. In IPA,
we are hardcoding the attribute that memberOf uses, but I wanted to
leave the dynamic config code in place for the most part. We register
callback functions to be invoked when one performs different operations
against the memberOf plug-in's config entry. We don't want to allow
anyone to modify, rename, or delete our config entry while the server is
running, so we register dont_allow_that() as the callback for these
types of operations. This will result in a DSE_UNWILLING_TO_PERFORM
being returned to the client attempting to modify the config entry.
-NGK
>
> rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3254 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080718/183312d5/attachment.bin>
More information about the Freeipa-devel
mailing list