Re: Any C coders want to help me with something?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, May 01, 2009 at 08:57:22AM -0500, Mike McGrath wrote:
> On Fri, 1 May 2009, Axel Thimm wrote:
> 
> > On Fri, May 01, 2009 at 02:54:08AM -0400, Ricky Zhou wrote:
> > > On 2009-05-01 09:11:11 AM, Axel Thimm wrote:
> > > > Maybe if someone gives some detail on why the LDAP setup looked like
> > > > too hacky we could find a better solution and use LDAP?
> >
> > > We were basically trying to use LDAP like a relational DB instead of a
> > > directory, so we were trying to force our entire sponsorship system to
> > > be totally contained in LDAP.  Looking back at this, the best approach
> > > with LDAP would probably have been a DB for sponsorship data, and LDAP
> > > for holding approved user/group data.  As I mentioned, I'd be interested
> > > in exploring this approach a bit more in the future.
> >
> > With details I mean something more like what exact bits where not
> > mapping naturally into some LDAP structure, existent or custom schema
> > made.
> >
> 
> Both ldap groups basically suggested to us to have 3 groups for each
> 'group'.  SO if you have a sysadmin group we'd have 'sysadmin'
> 'sysadmin-sponsors' and 'sysadmin-admins'.  Then we'd move people from
> one group to another.

Where is the information "*-vanilla" vs "*-sponsors" vs "*-admins"
needed? If nothing else outside of FAS needs it, then I'd simply add a
custom attribute. If you would need to export this information to say
filesystem ACLs to allow different access to sysadmin-sponsors and
sysadmin-admins, then you would have to split into these subgroups
anyway somewhere in the FAS -> filesystem ACLs process.

> Then there was the concept of marking who sponsored who in that group.  So
> if Axel joined the sysadmin group and I sponsored him in that group, that
> I be able to track that information.

That really sounds like a simple custom attribute, possibly not even
needed anywhere else outside of FAS scope.

> Those two requirements together make ldap a poor solution in our use
> case.

Why? Custom schemes are quite often found in LDAP world, and it is
really just two attributes you are adding to typical PosixAccounts.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgpQRMAw6r4tn.pgp
Description: PGP signature

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux