On 06/02/2011 11:39 AM, JR Aquino wrote:
> I need feed back from the group regarding how we should present the output 
> for Clarity, the 389 Directory Server Auto Membership Plugin...
>
> Currently, the output looks like this:
>
> ---=== EXAMPLE ===---
> [root@auth2 ~]# ipa clarityrule-show testrule --all
>   dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com
>   Clarity Rule: testrule
>   Membership filter: objectclass=ipaHost
>   Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com
>   Inclusive Regex: 
> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com,
>  
> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com,
>                    
> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com
>   Exclusive Regex: 
> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist 
> www5:fqdn=^www5\.example\.com
>   automembergroupingattr: member:dn
>   automemberscope: dc=expertcity,dc=com
>   objectclass: top, automemberdefinition
> ---=== EXAMPLE ===---
>
> Each rule in the definition object is broken down into 3 distinct parts: 
> Group to modify, Description, Attribute + Regular Expression to match.
>
> As time progresses it will be likely that these rules could get long and 
> visually unappealing.  I would like to know how we might better represent 
> this info.
>
> Perhaps a breakout with indentation for each unique group defined in each 
> rule?
>
> ---===SUGGESTION===---
> [root@auth2 ~]# ipa clarityrule-show testrule --all
>   dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com
>   Clarity Rule: testrule
>   Membership filter: objectclass=ipaHost
>   Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com
>   Inclusive Regex: 
>         cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com
>             FrontEnd: fqdn=^web[1-9]+.example.com,
>             MainSite: fqdn=^www[1-9]+.example.com            
>         cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com
>             SMTP: fqdn=^mail[1-9]+.example.com,
>   Exclusive Regex: 
>         cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com
>             blacklist: www5:fqdn=^www5\.example\.com
>   automembergroupingattr: member:dn
>   automemberscope: dc=expertcity,dc=com
>   objectclass: top, automemberdefinition
> ---===SUGGESTION===---
>

This presentation assumes that the description is not empty.
In general case it is not true so I would suggest fixed labels even if
the values would have duplicates.

  Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com
  Description:
  Regex: fqdn=^web[1-9]+.example.com
  -----
  Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com
  Description:
  Regex: fqdn=^mail[1-9]+.example.com
  -----
  Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com
  Description:
  Regex: fqdn=^www[1-9]+.example.com
  -----

Keep the indent that you proposed, it looks OK with the indent.

> Using these rules, the Auto Membership Plugin monitors for insertions into 
> the LDAP directory matching the Membership Filter; In this example, 
> objectclass=ipaHost
>
> The object matching the filter is then compared against the exclusive rules 
> to make sure there is not a marker which indicates the object should NOT be a 
> member of a given group.
>
> Then the object is compared against the inclusive rules to determine if there 
> is a match.
> If there is a match, the object is added to the group defined in the matching 
> rule.
> If all rules are exhausted, the object is optionally added to the group 
> defined by the Default Group attribute of the Definition.
>
> You can view the design document here for more details on the how the rules 
> are represented within the raw directory.
> http://directory.fedoraproject.org/wiki/Auto_Membership_Design
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jr Aquino, GCIH | Information Security Specialist
> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
> T:  +1 805.690.3478
> jr.aqu...@citrixonline.com
> http://www.citrixonline.com
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to