[Freeipa-devel] [PATCH] ldif and acis for config

Kevin McCarthy kmccarth at redhat.com
Wed Oct 24 15:16:42 UTC 2007 

Simo Sorce wrote:
> On Tue, 2007-10-23 at 15:21 -0700, Kevin McCarthy wrote:
> >   dn=name=yi,.....,dc=freeipa,dc=org
> >   objectClass=???
> >   name=er
> >   value=san
> >   comment=chinese numbers are fun
> 
> This way of handling things have huge problems.
> 
> 1. No way to control the attribute value syntax.
> 2. No way to search all options with a single query on an object
> 3. Uncontrollable proliferation of objects
> 4. impossible to validate syntax of both attribute names and values
> 
> Can you list exactly what you would like to set in conf options for real
> so that we can evaluate why you are asking for this kind of schema?

Sure, some of the values we want to store were in the patch starting
this thread:

userSearchFields: uid,givenName,sn,telephoneNumber,ou,title
searchTimeLimit: 2
maxUidLength: 8
passwordExpireNotifyDays: 7

I'm sure there will be others.

The idea was just to take miscellaneous configs from webgui code out of
the code and into an externally modifiable place.

However, if it's that big of a headache I'm inclined to just leave them
in the code!  :-)

In all seriousness, I think you and Pete need to chat and work out
something with Rob.  I think it will take a bit more time to think this
through and I'm not sure it's worth it for Milestone 5 or V1.

-Kevin

> 
> > You raised some excellent points though - about local vs global, and
> > policy vs gui config values.  I don't think either Rob or have a good
> > idea how to design that.  We're looking to Pete/you for input as to a
> > good hierarchy for that.  So the second question is, where exactly
> > should we put the webgui entries in the hierarchy?  Should we even
> > worry
> > about global/local for now?
> 
> Yes we should, things can't be easily changed later, but the hierarchy
> thing is not a real problem just make your code configurable so that you
> can pass an arbitrary base dn.
> I am more worried about your request to be free from a schema.
> 
> Simo.
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4054 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071024/d265f30e/attachment.bin>

More information about the Freeipa-devel mailing list