directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vyacheslav Vakhlyuev <vvakhly...@mirantis.com>
Subject Re: [Apache Fortress] [FC-144] Questions on implementation of Role-to-Group relationship
Date Sun, 28 Aug 2016 18:53:00 GMT
Hi Sean, folks,

I've created an initial implementation of the functionality described in
this thread.
At the moment I pushed it to my forked copy of the main repo there:
https://github.com/vvakhlyuev-work/directory-fortress-core/commit/098f0a37b69be2cf76fa8d6e23ef3d250ccf58fc
Could you please review it and provide a feedback?

There's still more work to do: add REST managers, update console managers,
add new unit-tests etc., but I want to make sure that I'm on the right way.
Thank you in advance!

On Tue, Aug 23, 2016 at 3:22 PM, Shawn McKinney <smckinney@apache.org>
wrote:

>
> > On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <
> vvakhlyuev@mirantis.com> wrote:
> >
> >> "Now that I think more, the userroles may need boolean isGroup field, in
> >> addition to session, so that it is clear the value in userid field maps
> to
> >> group name."
> >
> > Wouldn't this confuse clients-side programmers? Would it be a good idea
> to
> > rename it to "memberId" and introduce a switch?
> >
>
> Yes it is confusing.  The name of the entity class userroles, is as well.
> Let’s think about it a bit more, we’ll figure something out.
>
> >
> > On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <
> vvakhlyuev@mirantis.com> wrote:
> >
> >
> > "I don’t think we have to modify the ldap schema at all.  The current
> group
> >> object class should work.  Again it will contains role dn’s instead of
> user
> >> dn’s.  The only question in my mind is should we add a new container,
> i.e.
> >> ou=rolegroups.  I am leaning towards ‘yes’."
> >
> > I'm not quite clear why we might need this container. Could you please
> > explain? I.e. we still should be able to search for Role groups in groups
> > container by filtering with memberId and type attributes.
>
> The new container, i.e. ou=rolegroups, isn’t strictly needed.  It could
> reside alongside the user groups under the ou=groups container and be
> filtered just as you say.  The separation would be for clarity.
>
> >
> > On Aug 23, 2016, at 6:52 AM, Vyacheslav Vakhlyuev <
> vvakhlyuev@mirantis.com> wrote:
> >
> > "You will want to get comfortable running the junit tests.  Any new
> methods
> >> will need tests to verify their functionality.  Will mirantis be
> >> contributing this code?"
> >
> > I will definitely cover new code with tests. Also, I was trying to assign
> > https://issues.apache.org/jira/browse/FC-144 to myself, but it seems
> that I
> > don't have permissions.
>
> Vyacheslav you have been added as a contributor of this project (in JIRA)
> and the ticket has been assigned to you.  Welcome aboard!
>
> Shawn




-- 
Kind Regards,
Vyacheslav Vakhlyuev
Software Engineer
Mirantis, Inc
www.mirantis.com
Skype: vahluev.vyacheslav

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message