[Freeipa-devel] [PATCH 0072] Provide ipa-client-advise tool

Alexander Bokovoy abokovoy at redhat.com
Wed Jun 19 18:56:56 UTC 2013 

On Wed, 19 Jun 2013, Rob Crittenden wrote:
>Tomas Babej wrote:
>>[big snip]
>>
>>Providing new version which should address mentioned issues:
>>   - advice plugins now inherit directly from Plugin, initial approach
>>via Method class was abandoned
>>   - new Namespace api.Advice collects all the advice plugins
>>   - tool renamed to ipa-advise to express a more general use case
>>
>>Additional improvements:
>>   - keywords are now generated out of Advice class's name, where
>>underscores are replaced by hyphens
>>   - rewritten the example plugin in the docs, and provided more
>>information there
>>   - instead of --setup option to provide configuration, ipa-advise
>>takes one positional argument
>>   - renamed to ipa-advise
>>
>>Concerns:
>>   - man page might need more improvements
>>
>>I'll craft a design page for plugin authors, might be useful, even if
>>the info is in the package docs.
>>
>>-----------------------------------------------
>>Here's a little preview:
>>
>>[tbabej at vm-001 ~]$ sudo ipa-advise fedora-authconfig
>>------------------------------------------------------------------------------------------------
>>
>>Authconfig instructions for configuring Fedora 18/19 client with IPA
>>server without use of SSSD.
>>------------------------------------------------------------------------------------------------
>>
>>/sbin/authconfig --enableldap --ldapserver=vm-001.idm.com
>>--enablerfc2307bis --enablekrb5
>>
>>[tbabej at vm-001 ~]$ sudo ipa-advise fedora-authconfig4
>>invalid 'setup': No instructions are available for 'fedora_authconfig4'.
>>See the list of available configuration advices using the --list option.
>>
>>[tbabej at vm-001 ~]$ sudo ipa-advise
>>-------------------------
>>List of available advices
>>-------------------------
>>     fedora-authconfig : Authconfig instructions for configuring Fedora
>>18/19 client with IPA server without use of SSSD.
>
>If it's just providing advise why does it need root access? Or is it 
>expected to provide advise based on current configuration?
Exactly. Getting ranges, configured trusts, etc. Not all of that
information may be available under non-privileged account, especially if
somebody would decide to plug in advices for backup or CA
handling/configuration of advanced features.


-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list