mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
18a6ab356a
Problem: When some facet perform action which modifies data, some other facet may become expired. Example: User modifies group's description. Now group search facet contains old data and has to be refreshed. Solution: New event was added to facet: on_update. It should be executed when facet performs action which modifies data ie: details facet update or add entry to dnsrecord. Then entity policies were introduced. Entity policies are a objects which are stored in entity.policies. They have similar function as facet_policies - performing communications and other functionality between facets. This way facets don't have to contain such logic and thus they aren't dependant on each other. This patch adds IPA.facet_update_policy, IPA.adder_facet_update_policy, IPA.search_facet_update_policy, IPA.details_facet_update_policy. IPA.facet_update_policy: On facets_created it bind itself to [current entity].[source facet].[event]. Default event is on_update. When the event is executed it sets expiration flag to [dest entity].[dest facet]. IPA.search_facet_update_policy: IPA.facet_update_policy where source facet = search, dest facet = details, dest entity = current entity. Its a default policy for updatein changes from search facet to details facet. Right now it isn't needed but it will be needed when action lists come to play. IPA.details_facet_update_policy: same as IPA.search_facet_update_policy just reversed. Very important. IPA.adder_facet_update_policy: similar functionality, just source of the event is dialog. Default event is added (new event in entity_adder_dialog). Entity policies should be specified in entity's spec object. If none are specified a default ones are used. Default policies are: IPA.search_facet_update_policy and IPA.details_facet_update_policy. https://fedorahosted.org/freeipa/ticket/2075
IPA Server
What is it?
-----------
For efficiency, compliance and risk mitigation, organizations need to
centrally manage and correlate vital security information including:
* Identity (machine, user, virtual machines, groups, authentication
credentials)
* Policy (configuration settings, access control information)
* Audit (events, logs, analysis thereof)
Since these are not new problems. there exist many approaches and
products focused on addressing them. However, these tend to have the
following weaknesses:
* Focus on solving identity management across the enterprise has meant
less focus on policy and audit.
* Vendor focus on Web identity management problems has meant less well
developed solutions for central management of the Linux and Unix
world's vital security info. Organizations are forced to maintain
a hodgepodge of internal and proprietary solutions at high TCO.
* Proprietary security products don't easily provide access to the
vital security information they collect or manage. This makes it
difficult to synchronize and analyze effectively.
The Latest Version
------------------
Details of the latest version can be found on the IPA server project
page under <http://www.freeipa.org/>.
Documentation
-------------
The most up-to-date documentation can be found at
<http://freeipa.org/page/Documentation/>.
Quick Start
-----------
To get started quickly, start here:
<https://fedorahosted.org/freeipa/wiki/QuickStartGuide>
Licensing
---------
Please see the file called COPYING.
Contacts
--------
* If you want to be informed about new code releases, bug fixes,
security fixes, general news and information about the IPA server
subscribe to the freeipa-announce mailing list at
<https://www.redhat.com/mailman/listinfo/freeipa-interest/>.
* If you have a bug report please submit it at:
<https://bugzilla.redhat.com>
* If you want to participate in actively developing IPA please
subscribe to the freeipa-devel mailing list at
<https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
us in IRC at irc://irc.freenode.net/freeipa