[Freeipa-devel] [RFC] Creating a new plugin to make it simpler to add users via LDAP
Simo Sorce
simo at redhat.com
Wed Feb 13 16:34:28 UTC 2013
On Wed, 2013-02-13 at 16:12 +0100, Petr Viktorin wrote:
> Our own post-callback assumes the user is already in LDAP, and who
> knows what user-supplied callbacks will do. Keep in mind IPA is
> plugable; at least for outside plugins' sake (if not our own sanity's)
> we should keep the number of code paths to a minimum.
True which is why my proposal is to not use the standard user-add RPC
call, but have a separate one.
This separate call would only call the core business logic to create the
user account add operation, but none of the external plumbing.
Ideally we spit the framework flow like this:
Normal user -> Real user-add --- . . . . . . . . . --- LDAP add
\ /
-- common logic --
/ \
389ds plugin -> Mock user-add -- . . . . . . . . . --- json reply
custom plugins should be called in the custom logic an operate on the
object before the ADD is attempted.
If we do it this way then most of the code path will be in common which
is what we want, and only the mechanical operation of adding the actual
object to ldap will be different.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list