On Wed, 2013-02-13 at 11:27 -0500, Simo Sorce wrote: > This is why I proposed a plugin that is limited to users and calls the > framework so we can use common code. > The *simpler* way would be to simply replicate the core framework > login > in the 389ds plugin or even *move* it there. > > But we want to keep the logic in the framework as it is more flexible > and easier to work with and extend, so I proposed a 389ds plugin that > just *asks* the framwrok for the data. This keeps the busienss loginc > in the python framewrok, yet it allows an LDAP driver to add users > properly in IPA just using LDAP calls. > > I do not see this as a slippery slope, as it would be limited to user > creation by definition. > Btw as a bonus you get an API that user can use to 'test' user creation w/o actually creating users, I think this may come useful as well for people experimenting with creating plugins, as they can tweak their plugin configuration rapidly w/o actually touching LDAP. And only use the real creation path once they are happy with the results returned by the new API. It's not a reason in itself to add this stuff but it is a nice byproduct.
Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel