[Freeipa-devel] [Patch] Re-base memberOf plug-in off of current FDS memberOf plug-in
Rob Crittenden
rcritten at redhat.com
Fri Jul 18 16:47:04 UTC 2008
Nathan Kinder wrote:
> Rob Crittenden wrote:
>> Nathan Kinder wrote:
>>> This fixes many, many issues with the memberOf plug-in.
>>>
>>> -NGK
>>>
>>>
>>
>> Wow, a lot to go through. I think I grok most of this.
>>
>> A couple of comments/questions.
>>
>> Most of the functions are renamed in a more generic way, I'm presuming
>> to make it easier to keep in sync with the FDS version of the plugin,
>> right?
> Yes. I want to make it as easy as possible to diff between the IPA and
> FDS memberOf plug-in code. This should help in any future fix porting
> work.
>>
>> But some functions weren't renamed, ipamo_postop_init() for one. Do we
>> want to go ahead and do that?
> This one function is the entry function for the plug-in. The
> configuration entry in dse.ldif has an attribute with this function name
> that is used to load the plug-in. I didn't want to do anything that
> required us to change the configuration entry since we'd need to handle
> making those changes during an upgrade.
>>
>> Some comment blocks look really strange in the patch too:
>>
>> - * Online tasks interface (to support import, export, etc)
>> - * After some cleanup, we could consider making these public.
>> - */
>> + * * Online tasks interface (to support import, export, etc)
>> + * * After some cleanup, we could consider making these public.
>> + * */
> That's caused by vim trying to be smart. We can clean those up.
>>
>> What is the purpose of dont_allow_that()?
> The FDS memberof plug-in allows dynamic configuration changes. In IPA,
> we are hardcoding the attribute that memberOf uses, but I wanted to
> leave the dynamic config code in place for the most part. We register
> callback functions to be invoked when one performs different operations
> against the memberOf plug-in's config entry. We don't want to allow
> anyone to modify, rename, or delete our config entry while the server is
> running, so we register dont_allow_that() as the callback for these
> types of operations. This will result in a DSE_UNWILLING_TO_PERFORM
> being returned to the client attempting to modify the config entry.
>
> -NGK
Ok, then ack
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080718/b28e5909/attachment.bin>
More information about the Freeipa-devel
mailing list