[Freeipa-users] Auto membership plugin
Rob Crittenden
rcritten at redhat.com
Wed Mar 30 13:32:17 UTC 2011
Dmitri Pal wrote:
> Hello,
>
> Please find the design for the auto membership plugin:
> https://fedorahosted.org/freeipa/ticket/753
> Here: http://directory.fedoraproject.org/wiki/Auto_Membership_Design
>
> I have some comments and questions:
> 1) Is the AND functionality for inclusion criteria required?
> 2) How the attributes are escaped? Do they need to? Probably there will
> be cases when they should be escaped
> 3) Parsing pairs in the value as a bit of overhead. I wonder if there is
> any way to avoid it?
> 4) I have concerns about the UI and CLI, do you see any good ways to
> mange such entries?
>
Because the configuration is stored in cn=config we would need to bind
as DM to be able to manage it (unless we want to make an exception and
allow writing here. Could a bad config could prevent 389-ds from starting).
I assume a restart would be needed whenever a configuration change is made?
What happens if the target in automembertargetgroup gets removed?
rob
More information about the Freeipa-users
mailing list