Re: [Freeipa-users] Auto membership plugin

Wed, 30 Mar 2011 11:24:56 -0700 

On 03/30/2011 08:03 AM, Dmitri Pal wrote:

On 03/30/2011 10:39 AM, Nathan Kinder wrote:

On 03/30/2011 06:00 AM, Dmitri Pal wrote:

Hello,

Please find the design for the auto membership plugin:
https://fedorahosted.org/freeipa/ticket/753
Here: http://directory.fedoraproject.org/wiki/Auto_Membership_Design

I have some comments and questions:
1) Is the AND functionality for inclusion criteria required?

I'm not sure.  Is there a use case for it?

2) How the attributes are escaped? Do they need to? Probably there will
be cases when they should be escaped

Where exactly are you thinking that they need to be escaped? Why do
you think they might need to be escaped?

Wild cards and regular expression might have special symbols like "="
"\" slashes etc.
If we decode to support AND it would probably be solved by concatenating
multiple attr=regex pairs in one attribute. I am concerned it will be a
challenge to parse.
We use libpcre elsewhere in 389 to allow regular expressions to be used. We actually have a public regular expression API within SLAPI (the slapi_re_* functions). We would leverage these functions in this plug-in. The SASL mapping code already uses these for something similar, so there is not a new problem to solve here. 
3) Parsing pairs in the value as a bit of overhead. I wonder if there is
any way to avoid it?

Do you mean parsing the pair contained in the "autoMemberGroupingAttr"
attribute in the config definition entry?  This will only be parsed
when the definition entry is loaded at startup or when it is
modified.  It would be stored in a different form that is more
efficient to use when we actually need to perform auto membership
operations.

Yes I am concerned about parsing pairs for the purposes of the modify
operation in CLI/UI.
This is only done when loading the config, so it's a one-time penalty at startup or when the config is modified (which should be fairly rare). I wouldn't worry about this. 
-NGK

4) I have concerns about the UI and CLI, do you see any good ways to
mange such entries?


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users






_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to