[Freeipa-devel] Re: things to be stored

[Rob Crittenden]

Rob Crittenden wrote:
> I could care less how the configuration is stored in LDAP, either as a 
> extensibleObject or with its own schema, but here is the stuff I need 
> stored somewhere:
> 
> userSearchFields, a list of attributes e.g. 
> uid,givenName,sn,telephoneNumber,ou,title
> 
> searchTimeLimit, an integer, e.g. 2
> 
> customFields, a set of tuple of the form (label, attribute, required). 
> All are strings. required is a boolean but will contain "true" or 
> "false". This needs to be extensible as at some point we'll add a 
> validator as well, and who knows what else, maybe things to limit field 
> length, min/max size, etc.
> 
> The current hardcoded version, in python, looks like:
> 
>         schema = [
>           { 'label': 'See Also',
>             'field': 'seeAlso',
>             'required': 'true', } ,
>           { 'label': 'O O O',
>             'field': 'o',
>             'required': 'false', } ,
>         ]
> 
> Another thing we need to think about is how I'll fetch this from the 
> server. Currently all requests to the server need to be authenticated 
> but it would probably be better performance-wise to grab this at startup 
> time. So should we allow unauthenticated requests to the XML-RPC 
> interface? Currently the whole thing requires SSL and kerberos.

Found some more things to store:

- root of home directory (e.g. /home, /u, /export1/home, whatever)
- default shell (going with /bin/bash by default)
- default group that new users are automatically added to (ipausers by 
default)

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071113/3c7ef160/attachment.bin>