Looking through the AdminMgr methods, I'd propose the following methods be added to the interface (I'll turn it into a Jira issue when we're done with the discussion):
User addUser(User user, EntryCallback<User> callback); void deleteUser(User user, EntryCallback<User> callback); User updateUser(User user, EntryCallback<User> callback); The User class would need one additional method - this would be very useful just to further inspect retrieved objects but is also required within an EntryCallback: Entry getEntry(); The EntryCallback interface would look something like: @FunctionalInterface public interface EntryCallback<T extends FortressEntity> { Entry transform(T fortressEntity) throws FortressOperationAbortedException; } I originally excluded the use of a callback on the delete operation but having a callback allows the operation to be aborted (Based on values in the entry? Or when referential integrity with other entries might be violated?). As noted, having access to the underlying groupOfNames entry would also be useful. I'd argue that you would commonly expect User and Group to be more complex than Fortress' view of them since it's common to write schema extensions for them. I'd also argue that Roles, Permissions, etc are specifically Fortress implementations of the RBAC specification and they should remain black boxes to other LDAP operations. What do you think? Steve "And so I pretend not to hear her. And go out to get an envelope because I'm going to have a hell of a good time in the process of buying one envelope. I meet a lot of people. And, see some great looking babes. And a fire engine goes by. And I give them the thumbs up. And, and ask a woman what kind of dog that is. And, and I don't know. The moral of the story is, is we're here on Earth to fart around. And, of course, the computers will do us out of that. And, what the computer people don't realize, or they don't care, is we're dancing animals. You know, we love to move around. And, we're not supposed to dance at all anymore." - Kurt Vonnegut ----- Original Message ----- From: "Shawn McKinney" <smckin...@apache.org> To: fortress@directory.apache.org Sent: Thursday, October 20, 2016 9:00:51 AM Subject: Re: Custom object classes and attributes > On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <p.brunm...@linzag.at> wrote: > > - Please consider the possibility also for Groups or Roles I get groups but why roles? Can you provide a specific use case of what those attributes would be and why? > > On Oct 20, 2016, at 1:29 AM, Patrick Brunmayr <p.brunm...@linzag.at> wrote: > > - It should also be possible to set/get these extra data through the > REST interface Agreed. Everything that can be done via api call must also be doable via rest.