JR Aquino wrote:
On Aug 2, 2011, at 5:55 AM, "Rob Crittenden"<rcrit...@redhat.com>  wrote:
JR Aquino wrote:

I am fairly opposed to removing 'default' attrs which the rules are applied 
to...  I am happy to provide a means to override them.

While it may be second nature for all of us to know that there is an fqdn 
attribute, etc, our consumers are likely not going to intrinsically know our 
schema.  We also deliberately mask the real attribute names in the framework. 
(fqdn = Host name)

Providing a default feels like a happy medium which allows for ease of use and 
somewhat of a safety belt against users defining an incorrect attribute name.

It also might get somewhat tiring to constantly provide --key=fqdn every time 
you add a hostname regex?

Ok, but when you display rules fqdn is displayed. How are users to know
they shouldn't include fqdn= when removing existing rules?

I guess my preference would be to heavily document, in the example, the plugin, 
and the docs...

My concern is that without a default, a typo in the attr would produce 
unintended results.  Without a schema checker, it's kinda tough to take an attr 
at face value from a user.  Does the python ldap implementation have a means to 
check schema in order to verify an attribute?

The design of the automember pluginhHaving the attr in the Regex does make for 
some complexity....


We do have a schema checker. You can test for existence of an attribute with something like:

import ldap as _ldap
obj = ldap.schema.get_obj(_ldap.schema.AttributeType, attr)
if obj is None:
    # Error, no such attribute

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to