On Tue, 10 Mar 2015, John Dennis wrote:
On 03/10/2015 11:06 AM, Jakub Hrozek wrote:
We may need to use libraries for processing iCal rules, like libical
(http://koji.fedoraproject.org/koji/buildinfo?buildID=606329)...
Is that what Alexander said, though? In his reply, I see:
"Parsing event information would produce a rule definition we would
store and SSSD would apply as HBAC rule".
I don't think iCal dependency is something we want in SSSD, the
rules should be converted from iCal to SSSD format in a layer atop
libipa_hbac..
But doesn't the iCal rule have to be evaluated in SSSD? If so that
requires linking against libical, right?
That's why I'm saying we import iCal in IPA, not that we keep using iCal
as internal representation of time/date information for HBAC rules.
I don't really want to impose iCal horror on HBAC rule parsing engine.
I believe we can do simpler and better, given HBAC is all about ALLOW
rules on the base of default DENY action.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
