[389-devel] Re: [discuss] composable object types in lib389

2019-01-28 Thread Ludwig
On 01/22/2019 08:57 AM, Anuj Borah wrote: @Ludwig Krispenz   , exactly, Please check attached script , how it is implemented . Filter role and aci combination . I tried to run this, but after a sequence of failures I gave up, first it tried to import

[389-devel] Re: [discuss] composable object types in lib389

2019-01-22 Thread Ludwig
On 01/22/2019 09:51 AM, Anuj Borah wrote: @Ludwig Krispenz   The script i have attached in my previous mail was ported from the TET script . Now i am attaching the main bash script , please check it out. I'll do it once again, but William and I had asked several

[389-devel] Re: [discuss] composable object types in lib389

2019-01-22 Thread Anuj Borah
@Ludwig Krispenz The script i have attached in my previous mail was ported from the TET script . Now i am attaching the main bash script , please check it out. On Tue, Jan 22, 2019 at 1:48 PM Ludwig wrote: > > > On 01/22/2019 08:57 AM, Anuj Borah wrote: > > @Ludwig Krispenz , exactly,

[389-devel] Re: [discuss] composable object types in lib389

2019-01-22 Thread Ludwig
On 01/22/2019 08:57 AM, Anuj Borah wrote: @Ludwig Krispenz   , exactly, Please check attached script , how it is implemented . Filter role and aci combination . But this is not testing role based acis, your bind rule always is userdn=, and you are using the

[389-devel] Re: [discuss] composable object types in lib389

2019-01-21 Thread Anuj Borah
@Ludwig Krispenz , exactly, Please check attached script , how it is implemented . Filter role and aci combination . On Tue, Jan 22, 2019 at 1:13 PM Ludwig wrote: > > > On 01/21/2019 11:01 PM, William Brown wrote: > > > >> On 21 Jan 2019, at 17:08, Anuj Borah wrote: > >> > >> One small

[389-devel] Re: [discuss] composable object types in lib389

2019-01-21 Thread Ludwig
On 01/21/2019 11:01 PM, William Brown wrote: On 21 Jan 2019, at 17:08, Anuj Borah wrote: One small correction here : using newly created nsUserAccountRole and nsUserAccountRoles ( Will be used only to create filter role ) , i am creating filter roles only . This is the confusion here ,

[389-devel] Re: [discuss] composable object types in lib389

2019-01-21 Thread William Brown
> On 21 Jan 2019, at 17:08, Anuj Borah wrote: > > One small correction here : > > using newly created nsUserAccountRole and nsUserAccountRoles ( Will be used > only to create filter role ) , i am creating filter roles only . This is the > confusion here , we should remember filter roles are

[389-devel] Re: [discuss] composable object types in lib389

2019-01-20 Thread Anuj Borah
One small correction here : using newly created nsUserAccountRole and nsUserAccountRoles ( Will be used only to create filter role ) , i am creating filter roles only . This is the confusion here , we should remember filter roles are nothing but entries with o='something'. I am not touching any

[389-devel] Re: [discuss] composable object types in lib389

2019-01-17 Thread William Brown
> On 17 Jan 2019, at 19:40, Ludwig Krispenz wrote: > > > Maybe I do not understand how it works because of some lib389 magic, but I > think this is not how roles work. > > You are creating cn=tuser1 and cn=Anju and they will have the role > objectclasses, but the benefit of roles is that

[389-devel] Re: [discuss] composable object types in lib389

2019-01-17 Thread Ludwig Krispenz
On 01/17/2019 09:57 AM, Anuj Borah wrote: Hay William. Here i am not using nsUserAccount in nsUserAccountRole as it requires 'uid' which is not allowed in nsFilteredRoleDefinition and nsRoleDefinition . Below are usages:

[389-devel] Re: [discuss] composable object types in lib389

2019-01-17 Thread Anuj Borah
Hay William. RDN = 'cn' class nsUserAccountRole(Account): def __init__(self, instance, dn=None): super(nsUserAccountRole, self).__init__(instance, dn) self._rdn_attribute = RDN self._create_objectclasses = [ 'top', 'LDAPsubentry',

[389-devel] Re: [discuss] composable object types in lib389

2019-01-14 Thread William Brown
> On 14 Jan 2019, at 19:28, Anuj Borah wrote: > > Hi William , > > Just find out a way to do it . This isn’t quite what I had in mind. Remember, we should be able to compose nsRole types to various other objects if required (despite my dislike of nsRoles …). We have

[389-devel] Re: [discuss] composable object types in lib389

2019-01-14 Thread Anuj Borah
Hi William , Just find out a way to do it . class UserAccountnsRole(Account): def __init__(self, instance, dn=None): super(UserAccountnsRole, self).__init__(instance, dn) self._rdn_attribute = RDN self._create_objectclasses = [ 'top',