[Freeipa-devel] [PATCH] 402 Add userClass attribute for hosts

Dmitri Pal dpal at redhat.com
Thu Apr 25 16:59:23 UTC 2013


On 04/25/2013 09:54 AM, Martin Kosek wrote:
> On 04/25/2013 12:37 PM, Petr Viktorin wrote:
>> On 04/23/2013 10:10 AM, Martin Kosek wrote:
>>> This new freeform host attribute will allow provisioning systems
>>> to add custom tags for host objects which can later be used
>>> in automember rules or for additional local interpretation.
>>>
>>> Design page:
>>> http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
>>> Ticket: https://fedorahosted.org/freeipa/ticket/3583
>>>
>>> -----
>>>
>>> This is how it can be used:
>>>
>>> # ipa hostgroup-add webservers
>>> Description: web servers
>>> ----------------------------
>>> Added hostgroup "webservers"
>>> ----------------------------
>>>    Host-group: webservers
>>>    Description: web servers
>>>
>>> # ipa automember-add --type=hostgroup webservers
>>> ----------------------------------
>>> Added automember rule "webservers"
>>> ----------------------------------
>>>    Automember Rule: webservers
>>>
>>> # ipa automember-add-condition --key=userclass --type=hostgroup --inclusive-regex=^webserver webservers
>>> ----------------------------------
>>> Added condition(s) to "webservers"
>>> ----------------------------------
>>>    Automember Rule: webservers
>>>    Inclusive Regex: userclass=^webserver
>>> ----------------------------
>>> Number of conditions added 1
>>> ----------------------------
>>>
>>>
>>>
>>> # ipa host-add web.example.com --force --class=webserver --class=mailserver
>>> ----------------------------
>>> Added host "web.example.com"
>>> ----------------------------
>>>    Host name: web.example.com
>>>    Principal name: host/web.example.com@EXAMPLE.COM
>>>    Class: webserver, mailserver                    <<<<<<<<<<
>>>    Password: False
>>>    Member of host-groups: webservers               <<<<<<<<<<
>>>    Indirect Member of netgroup: webservers
>>>    Keytab: False
>>>    Managed by: web.example.com
>>>
>>>
>>> Martin
>>>
>>
>> I was surprised to find that host-show doesn't show it by default. Is there a
>> reason to not put userclass in default_attributes?
>>
>> Please add a test.
>>
>
> Fixed. Updated patch attached.
>
> Martin
>

Can we use this patch to create a HOWTO on how to add an LDAP attribute
to IPA?
Also we have, I suspect, a lot of metadata about attributes encoded in
the framework, right?
Why can't we use some kind of data file(s) for it? This way one can
add attributes dynamically and the framework would pick them up.
It is clear that it would have to be done on all replicas, but still it
would not require people to change the code - only configuration. Have
we ever thought about this?

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
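
Added example (not part of the original thread and not FreeIPA code): a simplified Python model of how the quoted automember condition `userclass=^webserver` selects hosts from a multi-valued `userClass`, compared with an end-anchored pattern and an exclusive regex. The host entries are constructed samples; Python's `re.search` standing in for the directory server's regex matching, and the helper names, are assumptions.

```python
import re

# Simplified model of one automember rule: inclusive and exclusive
# (attribute, regex) conditions evaluated against a host entry.
# Assumption: re.search approximates the server-side regex match.
def rule_matches(host_attrs, inclusive, exclusive=()):
    """Return True if the host entry would be added to the rule's group."""
    def any_value_matches(conditions):
        for attr, pattern in conditions:
            # LDAP attribute names are case-insensitive; attributes such as
            # userClass are multi-valued, and one matching value is enough.
            values = next((v for k, v in host_attrs.items()
                           if k.lower() == attr.lower()), [])
            if any(re.search(pattern, value) for value in values):
                return True
        return False

    # An exclusive match takes precedence over any inclusive match.
    if any_value_matches(exclusive):
        return False
    return any_value_matches(inclusive)

# Constructed sample hosts (not taken from the thread, apart from web.example.com)
HOSTS = {
    "web.example.com": {"userClass": ["webserver", "mailserver"]},
    "stage.example.com": {"userClass": ["webserver-staging"]},
    "mail.example.com": {"userClass": ["mailserver"]},
    "plain.example.com": {},
}

def members(inclusive, exclusive=()):
    """Sorted list of sample hosts the rule would place in the group."""
    return sorted(name for name, attrs in HOSTS.items()
                  if rule_matches(attrs, inclusive, exclusive))

LOOSE = [("userclass", r"^webserver")]    # pattern from the thread
STRICT = [("userclass", r"^webserver$")]  # end-anchored variant

if __name__ == "__main__":
    print("loose :", members(LOOSE))
    print("strict:", members(STRICT))
    print("loose, excluding staging:", members(LOOSE, [("userclass", r"staging")]))
```

Because the pattern from the thread is anchored only at the start, any tag that begins with `webserver` puts the host in the group, so the set of tags a provisioning system may write is effectively part of the group's membership policy.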

