[Fedora-directory-users] Proposed new features for 1.3

[Andrey Ivanov]

>
>
>>    One of the drawbacks of groups is that they do not apply to the
>>    sub-tree - makes it difficult in general to replicate them.
>>     Roles/CoS are scoped along with the data they apply to, so they
>>    go along with replication quite easily.
>>
>> Yep.You're talking about the drawbacks concerning the difficulty of the
>> code development.  But for us the sub-tree application that was an essential
>> limitation of Roles - we couldn't use it to make the same thing as memberof,
>> that's why i was looking forward eagerly for the memberof  plugin...
>>
> Do you want to do something like this
> dc=example,dc=com
> +ou=people
> +ou=roles
> ++cn=my role
>
> And have cn=my role be a role that applies to users under ou=people?  e.g.
> by adding a roleSubtree: ou=people,dc=example,dc=com to the role definition?

Yes. An attribute like that is already a good step forward that would permit
to organise the roles in the way that is independent of the sub-trees to
which they are applied.


For example, automatic generation of a virtual attribute describing the
> location (or type) of the person by applying regex to his/her
> telephoneNumber (first n digits). But then again you are right about
> indexing and filters with these attributes... Another example: in our
> production environment we have a "ou" attribute containing the DNs of the
> units where the person belongs. It would be nice to convert it automatically
> to an attribute "displayOu" with slashes instead of ",ou=":
>
> ou: ou=lpp,ou=lab,ou=dgar,ou=dg,ou=organisation,dc=example,dc=com
> displayOu: LPP/LAB/DGAR/DG
>
> Today we are using scripts. This type of attribute conversion can easily be
> made inside an application if you write it internally, otherwise one needs
> to add this type of "converted" attributes...
>
Ok.  So something like CoS, but with a couple of additional attributes:
> cosDestinationAttribute - grab the value from cosAttribute, but write to
> this attribute instead
> cosRegex - apply this regex to the value e.g.
> cosAttribute: ou
> cosDestinationAttribute: displayOu
> cosRegex: s|ou=(\S)+,ou=(\S)+,ou=(\S+),ou=(\S+)|\1/\2/\3/\4/|

Yes, something like that.


>
>
> It would be difficult to create indexes on these (e.g. if you wanted to do
> searches like (displayOu=LPP/*)

Exactly. That why i have told that it is not a high-order priority for us
but it would be a nice feature in one of the future versions...


>
> Something like that would be useful for posix homeDirectory too
> cosAttribute: uid
> cosDestinationAttribute: homeDirectory
> cosRegex: s,(.+),/home/\1,
>
yes, in our production environment we often need attributes that are
generated automatically from other ones...

Thank you for taking your time to understand our needs and to formalize the
requests! :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090416/459c2811/attachment.html>