[389-devel] Instance discovery tools in lib389

William Brown william at blackhats.net.au
Thu Aug 6 04:54:21 UTC 2015 

Hi,

I have been working on lib389 recently to bring in a number of the tools I have
developed professionally into the project so that others can benefit from this.
As you may have seen I've already submitted a few patches related to this.

I've done some of the api changes needed, but now I would like to make it a bit
easier to add command line tools that can utilise lib389. 

I would like to add a "tools" directory to lib389 with a number of the cli tools
and helpers that I have written [1]. Is this the best location for these tools?
Some of them could arguably go into the main line 389ds codebase, but I want to
use lib389 to back them.

Second, with these tools I don't want them to be complex. For example, I would
like a tool that can show what attribute can be held by what objectClass. I
would want the calling syntax to be as easy as:

attribute_query.py -i <instance name> <attribute name>

In order to achieve this there are a few changes I want to make.

First, is that there is already a DirSrv.list() function. This works well to
list instances on the system, but it's missing the instance name, so I want to
add this to the dictionary that is returned.

Second, I want to make it possible to initialise the DirSrv object from an
instance directory returned by the list() function. Normally this is done
through the allocate() function to establish the details of the connection, at
the moment the instance function doesn't return enough data to support this.

Either, I can add in functionality to the list() function to return more data
about each instance, possibly enough to just take the result from list() and put
it in as allocate(args) and have a working connection. Alternately I write a new
allocate_from_instance() (or some other name ...?) function that is able to do
the discovery of the needed data, and then call allocate. 

Which would be the preferred method.

Comments and advice is appreciated. 


[1] The tools I want to add are:
* List all known system instances
* schema query tools (list of object classes, attributes, query which
objectclasses can take which attribute)
* aci testing and manipulation tools. For example, "does aci X do what I
suspect".
* aci inversion tool. convert != aci's into == aci's to help conversion to white
lists.
* Probably many more that I haven't thought of yet to help make administration
of a 389ds instance simpler. 

-- 
William Brown <william at blackhats.net.au>

More information about the 389-devel mailing list