> On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <[email protected]> > wrote: > >> "Now that I think more, the userroles may need boolean isGroup field, in >> addition to session, so that it is clear the value in userid field maps to >> group name." > > Wouldn't this confuse clients-side programmers? Would it be a good idea to > rename it to "memberId" and introduce a switch? >
Yes it is confusing. The name of the entity class userroles, is as well. Let’s think about it a bit more, we’ll figure something out. > > On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <[email protected]> > wrote: > > > "I don’t think we have to modify the ldap schema at all. The current group >> object class should work. Again it will contains role dn’s instead of user >> dn’s. The only question in my mind is should we add a new container, i.e. >> ou=rolegroups. I am leaning towards ‘yes’." > > I'm not quite clear why we might need this container. Could you please > explain? I.e. we still should be able to search for Role groups in groups > container by filtering with memberId and type attributes. The new container, i.e. ou=rolegroups, isn’t strictly needed. It could reside alongside the user groups under the ou=groups container and be filtered just as you say. The separation would be for clarity. > > On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <[email protected]> > wrote: > > "You will want to get comfortable running the junit tests. Any new methods >> will need tests to verify their functionality. Will mirantis be >> contributing this code?" > > I will definitely cover new code with tests. Also, I was trying to assign > https://issues.apache.org/jira/browse/FC-144 to myself, but it seems that I > don't have permissions. Vyacheslav you have been added as a contributor of this project (in JIRA) and the ticket has been assigned to you. Welcome aboard! Shawn
