Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On Jun 2, 2011, at 12:59 PM, Rob Crittenden wrote: > Dmitri Pal wrote: >> On 06/02/2011 11:39 AM, JR Aquino wrote: >>> I need feed back from the group regarding how we should present the output >>> for Clarity, the 389 Directory Server Auto Membership Plugin... >>> >>> Currently, the output looks like this: >>> >>> ---=== EXAMPLE ===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>> dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>> Clarity Rule: testrule >>> Membership filter: objectclass=ipaHost >>> Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>> Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, >>> >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, >>> >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com >>> Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist >>> www5:fqdn=^www5\.example\.com >>> automembergroupingattr: member:dn >>> automemberscope: dc=expertcity,dc=com >>> objectclass: top, automemberdefinition >>> ---=== EXAMPLE ===--- >>> >>> Each rule in the definition object is broken down into 3 distinct parts: >>> Group to modify, Description, Attribute + Regular Expression to match. >>> >>> As time progresses it will be likely that these rules could get long and >>> visually unappealing. I would like to know how we might better represent >>> this info. >>> >>> Perhaps a breakout with indentation for each unique group defined in each >>> rule? >>> >>> ---===SUGGESTION===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>> dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>> Clarity Rule: testrule >>> Membership filter: objectclass=ipaHost >>> Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>> Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> FrontEnd: fqdn=^web[1-9]+.example.com, >>> MainSite: fqdn=^www[1-9]+.example.com >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> SMTP: fqdn=^mail[1-9]+.example.com, >>> Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> blacklist: www5:fqdn=^www5\.example\.com >>> automembergroupingattr: member:dn >>> automemberscope: dc=expertcity,dc=com >>> objectclass: top, automemberdefinition >>> ---===SUGGESTION===--- >>> >> >> This presentation assumes that the description is not empty. >> In general case it is not true so I would suggest fixed labels even if >> the values would have duplicates. >> >> Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^web[1-9]+.example.com >> - >> Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^mail[1-9]+.example.com >> - >> Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >> Description: >> Regex: fqdn=^www[1-9]+.example.com >> - >> >> Keep the indent that you proposed, it looks OK with the indent. > > Just note that the code that does the rendering is extremely simplistic so > control over indention may require a fair bit of work. I think indention is > handled via nesting, so returning data as lists of lists may do the trick. Excellent! That is really good to know! I was worried I'd have to override output_for_cli() I'll repost once I have the suggested layout implemented. Thanks guys! > > That or you are going to have to override output_for_cli() and do all the > output manually but that should be a last resort. > > rob > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On 06/02/2011 03:59 PM, Rob Crittenden wrote: > Dmitri Pal wrote: >> On 06/02/2011 11:39 AM, JR Aquino wrote: >>> I need feed back from the group regarding how we should present the >>> output for Clarity, the 389 Directory Server Auto Membership Plugin... >>> >>> Currently, the output looks like this: >>> >>> ---=== EXAMPLE ===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>>dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>>Clarity Rule: testrule >>>Membership filter: objectclass=ipaHost >>>Default Group: >>> cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>>Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, >>> >>> >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com >>>Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist >>> www5:fqdn=^www5\.example\.com >>>automembergroupingattr: member:dn >>>automemberscope: dc=expertcity,dc=com >>>objectclass: top, automemberdefinition >>> ---=== EXAMPLE ===--- >>> >>> Each rule in the definition object is broken down into 3 distinct >>> parts: Group to modify, Description, Attribute + Regular Expression >>> to match. >>> >>> As time progresses it will be likely that these rules could get long >>> and visually unappealing. I would like to know how we might better >>> represent this info. >>> >>> Perhaps a breakout with indentation for each unique group defined in >>> each rule? >>> >>> ---===SUGGESTION===--- >>> [root@auth2 ~]# ipa clarityrule-show testrule --all >>>dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com >>>Clarity Rule: testrule >>>Membership filter: objectclass=ipaHost >>>Default Group: >>> cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com >>>Inclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> FrontEnd: fqdn=^web[1-9]+.example.com, >>> MainSite: fqdn=^www[1-9]+.example.com >>> cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> SMTP: fqdn=^mail[1-9]+.example.com, >>>Exclusive Regex: >>> cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>> blacklist: www5:fqdn=^www5\.example\.com >>>automembergroupingattr: member:dn >>>automemberscope: dc=expertcity,dc=com >>>objectclass: top, automemberdefinition >>> ---===SUGGESTION===--- >>> >> >> This presentation assumes that the description is not empty. >> In general case it is not true so I would suggest fixed labels even if >> the values would have duplicates. >> >>Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^web[1-9]+.example.com >>- >>Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^mail[1-9]+.example.com >>- >>Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com >>Description: >>Regex: fqdn=^www[1-9]+.example.com >>- >> >> Keep the indent that you proposed, it looks OK with the indent. > > Just note that the code that does the rendering is extremely > simplistic so control over indention may require a fair bit of work. I > think indention is handled via nesting, so returning data as lists of > lists may do the trick. > > That or you are going to have to override output_for_cli() and do all > the output manually but that should be a last resort. Yeah, please do not make it more complex than needed. Creating a nested list and letting it render is probably the right approach. > > rob > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
Dmitri Pal wrote: On 06/02/2011 11:39 AM, JR Aquino wrote: I need feed back from the group regarding how we should present the output for Clarity, the 389 Directory Server Auto Membership Plugin... Currently, the output looks like this: ---=== EXAMPLE ===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---=== EXAMPLE ===--- Each rule in the definition object is broken down into 3 distinct parts: Group to modify, Description, Attribute + Regular Expression to match. As time progresses it will be likely that these rules could get long and visually unappealing. I would like to know how we might better represent this info. Perhaps a breakout with indentation for each unique group defined in each rule? ---===SUGGESTION===--- [root@auth2 ~]# ipa clarityrule-show testrule --all dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com Clarity Rule: testrule Membership filter: objectclass=ipaHost Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com Inclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com FrontEnd: fqdn=^web[1-9]+.example.com, MainSite: fqdn=^www[1-9]+.example.com cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com SMTP: fqdn=^mail[1-9]+.example.com, Exclusive Regex: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com blacklist: www5:fqdn=^www5\.example\.com automembergroupingattr: member:dn automemberscope: dc=expertcity,dc=com objectclass: top, automemberdefinition ---===SUGGESTION===--- This presentation assumes that the description is not empty. In general case it is not true so I would suggest fixed labels even if the values would have duplicates. Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^web[1-9]+.example.com - Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^mail[1-9]+.example.com - Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^www[1-9]+.example.com - Keep the indent that you proposed, it looks OK with the indent. Just note that the code that does the rendering is extremely simplistic so control over indention may require a fair bit of work. I think indention is handled via nesting, so returning data as lists of lists may do the trick. That or you are going to have to override output_for_cli() and do all the output manually but that should be a last resort. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] FreeIPA Auto Membership CLI
On 06/02/2011 11:39 AM, JR Aquino wrote: > I need feed back from the group regarding how we should present the output > for Clarity, the 389 Directory Server Auto Membership Plugin... > > Currently, the output looks like this: > > ---=== EXAMPLE ===--- > [root@auth2 ~]# ipa clarityrule-show testrule --all > dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com > Clarity Rule: testrule > Membership filter: objectclass=ipaHost > Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com > Inclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^web[1-9]+.example.com, > > cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^mail[1-9]+.example.com, > > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com::fqdn=^www[1-9]+.example.com > Exclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com:blacklist > www5:fqdn=^www5\.example\.com > automembergroupingattr: member:dn > automemberscope: dc=expertcity,dc=com > objectclass: top, automemberdefinition > ---=== EXAMPLE ===--- > > Each rule in the definition object is broken down into 3 distinct parts: > Group to modify, Description, Attribute + Regular Expression to match. > > As time progresses it will be likely that these rules could get long and > visually unappealing. I would like to know how we might better represent > this info. > > Perhaps a breakout with indentation for each unique group defined in each > rule? > > ---===SUGGESTION===--- > [root@auth2 ~]# ipa clarityrule-show testrule --all > dn: cn=testrule,cn=automember,cn=etc,dc=expertcity,dc=com > Clarity Rule: testrule > Membership filter: objectclass=ipaHost > Default Group: cn=orphans,cn=hostgroups,cn=accounts,dc=expertcity,dc=com > Inclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com > FrontEnd: fqdn=^web[1-9]+.example.com, > MainSite: fqdn=^www[1-9]+.example.com > cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com > SMTP: fqdn=^mail[1-9]+.example.com, > Exclusive Regex: > cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com > blacklist: www5:fqdn=^www5\.example\.com > automembergroupingattr: member:dn > automemberscope: dc=expertcity,dc=com > objectclass: top, automemberdefinition > ---===SUGGESTION===--- > This presentation assumes that the description is not empty. In general case it is not true so I would suggest fixed labels even if the values would have duplicates. Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^web[1-9]+.example.com - Group: cn=mailservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^mail[1-9]+.example.com - Group: cn=webservers,cn=hostgroups,cn=accounts,dc=example,dc=com Description: Regex: fqdn=^www[1-9]+.example.com - Keep the indent that you proposed, it looks OK with the indent. > Using these rules, the Auto Membership Plugin monitors for insertions into > the LDAP directory matching the Membership Filter; In this example, > objectclass=ipaHost > > The object matching the filter is then compared against the exclusive rules > to make sure there is not a marker which indicates the object should NOT be a > member of a given group. > > Then the object is compared against the inclusive rules to determine if there > is a match. > If there is a match, the object is added to the group defined in the matching > rule. > If all rules are exhausted, the object is optionally added to the group > defined by the Default Group attribute of the Definition. > > You can view the design document here for more details on the how the rules > are represented within the raw directory. > http://directory.fedoraproject.org/wiki/Auto_Membership_Design > > > ~ > Jr Aquino, GCIH | Information Security Specialist > Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 > T: +1 805.690.3478 > jr.aqu...@citrixonline.com > http://www.citrixonline.com > > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
