On Wed, 2013-02-13 at 11:27 -0500, Simo Sorce wrote:
> This is why I proposed a plugin that is limited to users and calls the
> framework so we can use common code.
> The *simpler* way would be to simply replicate the core framework
> login
> in the 389ds plugin or even *move* it there.
> 
> But we want to keep the logic in the framework as it is more flexible
> and easier to work with and extend, so I proposed a 389ds plugin that
> just *asks* the framwrok for the data. This keeps the busienss loginc
> in the python framewrok, yet it allows an LDAP driver to add users
> properly in IPA just using LDAP calls.
> 
> I do not see this as a slippery slope, as it would be limited to user
> creation by definition.
> 
Btw as a bonus you get an API that user can use to 'test' user creation
w/o actually creating users, I think this may come useful as well for
people experimenting with creating plugins, as they can tweak their
plugin configuration rapidly w/o actually touching LDAP. And only use
the real creation path once they are happy with the results returned by
the new API.
It's not a reason in itself to add this stuff but it is a nice
byproduct.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to