[Freeipa-users] Auto membership plugin

[Dmitri Pal]

On 03/30/2011 10:39 AM, Nathan Kinder wrote:
> On 03/30/2011 06:00 AM, Dmitri Pal wrote:
>> Hello,
>>
>> Please find the design for the auto membership plugin:
>> https://fedorahosted.org/freeipa/ticket/753
>> Here: http://directory.fedoraproject.org/wiki/Auto_Membership_Design
>>
>> I have some comments and questions:
>> 1) Is the AND functionality for inclusion criteria required?
> I'm not sure.  Is there a use case for it?
>> 2) How the attributes are escaped? Do they need to? Probably there will
>> be cases when they should be escaped
> Where exactly are you thinking that they need to be escaped? Why do
> you think they might need to be escaped?

Wild cards and regular expression might have special symbols like "="
"\" slashes etc.
If we decode to support AND it would probably be solved by concatenating
multiple attr=regex pairs in one attribute. I am concerned it will be a
challenge to parse.

>> 3) Parsing pairs in the value as a bit of overhead. I wonder if there is
>> any way to avoid it?
> Do you mean parsing the pair contained in the "autoMemberGroupingAttr"
> attribute in the config definition entry?  This will only be parsed
> when the definition entry is loaded at startup or when it is
> modified.  It would be stored in a different form that is more
> efficient to use when we actually need to perform auto membership
> operations.

Yes I am concerned about parsing pairs for the purposes of the modify
operation in CLI/UI.

>
> -NGK
>> 4) I have concerns about the UI and CLI, do you see any good ways to
>> mange such entries?
>>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/