www-infrastructure-dev mailing list archives

From: Henning Schmiedehausen <henn...@schmiedehausen.org>
Subject: Re: CLAs and LDAP
Date: Sun, 07 Dec 2008 20:02:41 GMT

On Sat, 2008-12-06 at 15:09 +0200, Graham Leggett wrote:
> Paul Querna wrote:
> 
> > In the ldap schema, we likely need some way to mark someone as having a 
> > CLA or not.
> > 
> > We have a couple ASF members, who have never contributed code before, so 
> > while they would be in the ASF members group, they have not signed a CLA 
> > -- and therefore should _not_ have access to the public svn code areas.
> > 
> > Maybe having a CLA is just another group?
> 
> There are two approaches you can take with this.
> 
> The first is to add an attribute to the person's object, probably with 
> something sensible in it like the URL of the CLA. The catch is that you 
> need to add something to the schema for this.
> 
> The second is to create a group representing people with CLAs on file as 
> you suggested. This doesn't require any schema change.

The first one restricts you to having a "CLA attribute". Which means,
when we need a new thing, you need to add another attribute and another
and another. 

The second one restricts you on how to organize the tree.

What you *want* is a custom object class representing the CLA, e.g.
"CLAPerson". This contains all required attributes (e.g. "CLA on file"
as a boolean and "scannedCLA" as a binary attribute) and if a person is
eligible for a CLA, you just add it to its object classes. Make claOnFile
mandatory and scannedCLA optional and you are good to go.

And if you look for all the CLA holders, you do a query on
(&(objectClass=CLAOHolder)(claOnFile=true))

At least that is my understanding on how LDAP should be used.

	Ciao
		Henning


-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Java, J2EE, Linux
Mail: henning@schmiedehausen.org    -- Consultant, Architect, Developer
Web:  http://henning.schmiedehausen.org/
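
The auxiliary object class described in the message above could be defined as follows; this is an added example, not part of the original thread or of any ASF schema. It assumes OpenLDAP's cn=config schema format and uses the name CLAPerson from the message; the OID arc 1.3.6.1.4.1.99999, the base DN and the uid are constructed placeholders.

```ldif
# Schema definition (constructed example; OID arc 1.3.6.1.4.1.99999 is a placeholder).
# claOnFile uses the Boolean syntax, scannedCLA the Octet String syntax.
dn: cn=cla,cn=schema,cn=config
changetype: add
objectClass: olcSchemaConfig
cn: cla
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'claOnFile'
  DESC 'Whether a signed CLA is on file'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'scannedCLA'
  DESC 'Scanned copy of the signed CLA'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
# AUXILIARY lets the class be added to an existing person entry
# without changing its structural class or its place in the tree.
olcObjectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'CLAPerson'
  DESC 'Person eligible for a CLA'
  SUP top AUXILIARY
  MUST claOnFile
  MAY scannedCLA )

# Marking an existing entry (constructed DN). Both changes go in one
# modify operation because claOnFile is mandatory once the class is present.
dn: uid=jdoe,ou=people,dc=example,dc=org
changetype: modify
add: objectClass
objectClass: CLAPerson
-
add: claOnFile
claOnFile: TRUE
-

# Search filter for access decisions (Boolean values are TRUE or FALSE):
#   (&(objectClass=CLAPerson)(claOnFile=TRUE))
```

An access check built on this filter treats entries without the class, and entries with claOnFile set to FALSE, the same way: neither matches.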


