Re: [Freeipa-devel] Adding indices and permissions to FreeIPA
On Wed, 2012-05-16 at 20:21 +0930, William Brown wrote: On 16/05/12 19:50, Petr Viktorin wrote: On 05/16/2012 12:13 PM, William Brown wrote: Hi, do you have a public repo you are pushing your work to ? It would be nice to have early access so we can check your implementation is in line with FreeIPA. It will allow your contribution to get in more easily if we can comment early on around schema, DIT and other behavior you need to implement. I haven't had much time to focus on this so far, So I only have a limited amount of work completed. It has mainly been learning the FreeIPA code, adding some skeleton files, and working out the schema. //snip As a workaround, Bitbucket seems to work: https://bitbucket.org/encukou/freeipa https://bitbucket.org/Firstyear/freeipa-dhcp I have pushed what I currently have into this repository. Happy to recieve comments. I probably won't get a lot of time to work on this in the next few days, but I plan to put some time into it on the weekend. Your repository is private, please go to its Admin section and make it public: https://bitbucket.org/Firstyear/freeipa-dhcp/admin I could have sworn I marked it public earlier. Fixed now. I will take a look soon, however please do never do merges, please always rebase on top of master and force push. (see git rebase -i and git push -f) Also if you can split commits in small patches for each functionality you'll make our life much easier. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Adding indices and permissions to FreeIPA
On Tue, 2012-05-15 at 09:15 +0930, William Brown wrote: Hi, I am currently working on adding DHCP support, so that FreeIPA can control an ISC-DHCP server. As part of this, I need to add a number of indices to 389ds, as well as a number of permissions (ACIs) and groups to manage these. Is there a specific way to add these? Should they be added as part of the DHCP feature installation process, or should they be part of the base server install? Hello William, in FreeIPA there are 2 common ways to add indices to the DS: 1) LDIFs in the installation process (ipa-server-install) You can see for example install/share/replica-s4u2proxy.ldif in our git repo. In ipaserver/install/dsinstance.py shows how it is sent to LDAP. 2) LDAP update files that are used to update an already installed IPA server when freeipa-server package is being updated. These update files are created when there are changes to the LDIFs that were used in standard IPA installation. An example: install/updates/30-s4u2proxy.update Since you are implementing a new feature that is not present on already installed IPA servers, I think the best approach would be to implement an install script ipa-dhcp-install (analogous to install/tools/ipa-dns-install) which could be used to optionally install this feature to running IPA server. This script would do all the needed set up and add the necessary DS indices via LDIFs as I described in case 1). HTH, Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Adding indices and permissions to FreeIPA
On 15/05/12 16:21, Martin Kosek wrote: I think the best approach would be to implement an install script ipa-dhcp-install (analogous to install/tools/ipa-dns-install) which could be used to optionally install this feature to running IPA server. This script would do all the needed set up and add the necessary DS indices via LDIFs as I described in case 1). I have already created this script, and was planning to do as you say. I'll add the index creations into this, and just make note of this. Additionally, would you use the same approach for adding aci's and groups into cn=pbac for this feature? -- Sincerely, William Brown pgp.mit.edu http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x3C0AC6DAB2F928A2 signature.asc Description: OpenPGP digital signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Adding indices and permissions to FreeIPA
On Tue, 2012-05-15 at 16:37 +0930, William Brown wrote: On 15/05/12 16:21, Martin Kosek wrote: I think the best approach would be to implement an install script ipa-dhcp-install (analogous to install/tools/ipa-dns-install) which could be used to optionally install this feature to running IPA server. This script would do all the needed set up and add the necessary DS indices via LDIFs as I described in case 1). I have already created this script, and was planning to do as you say. I'll add the index creations into this, and just make note of this. Great! Additionally, would you use the same approach for adding aci's and groups into cn=pbac for this feature? I would. ipa-dns-install takes the same approach in install/share/dns.ldif. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] Adding indices and permissions to FreeIPA
Hi, I am currently working on adding DHCP support, so that FreeIPA can control an ISC-DHCP server. As part of this, I need to add a number of indices to 389ds, as well as a number of permissions (ACIs) and groups to manage these. Is there a specific way to add these? Should they be added as part of the DHCP feature installation process, or should they be part of the base server install? Sincerely, William Brown pgp.mit.edu http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x3C0AC6DAB2F928A2 signature.asc Description: Message signed with OpenPGP using GPGMail ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel