Modify the PrivilegeMapperEntry interface

The object path for the privilege mapper cannot have the LDAP group name
in the path name. The D-Bus object path should only contain the ASCII
characters [A-Z][a-z][0-9]_. According to RFC 2253, the LDAP group name
can have additional special characters. A unique identifier is added to
the D-Bus object path and the group name is a property of the privilege
mapper.

Change-Id: If1c511bee7a492887eb45e7ce00fdfc55e98c073
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
index 5b4f511..aac9fc0 100644
--- a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
+++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml
@@ -3,11 +3,17 @@
     group name. The users in the group will inherit the privilege mapping of
     the group. The Create method on success creates the object which implements
     xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of
-    LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>.
-    If the privilege mapping already exists then it throws the exception
+    LDAP, the object path will be
+    /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be
+    a unique number generated by the application. If the privilege mapping
+    already exists then it throws the exception
     xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the
     privilege for a mapping which already exists, the Privilege property in the
     xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set.
+    Any application consuming the privilege mapping should not cache the object
+    path and use the GetManagedObjects method on the
+    org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object
+    path associated with the group name.
 
 methods:
     - name: Create
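Review bot: The new description text does not say how PrivilegeMappingExists is decided now that the object path is keyed by <id> rather than by the group name. With "/xyz/openbmc_project/user/ldap/privilege_mapper/<id>", two Create calls for the same group would produce distinct paths, so the duplicate check has to compare against the group name property of the existing entries; please state that explicitly, including whether the comparison is case-sensitive. The GetManagedObjects paragraph should also name the object path the ObjectManager is implemented on and the PrivilegeMapperEntry property a consumer matches against the group name. It would also help to say whether an <id> can be reused after an entry is deleted, since that is the reason consumers are told not to cache the path.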
@@ -18,8 +24,7 @@
           type: string
           description: >
               Group Name to which the privilege is to be assigned. In the case
-              of LDAP, the GroupName will be the LDAP group the user is part
-              of.
+              of LDAP, the GroupName will be the LDAP group the user is part of.
         - name: Privilege
           type: string
           description: >
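Review bot: The GroupName description is only reflowed here, and it still does not document the format the string may take. The commit message moves the group name out of the object path precisely because RFC 2253 allows special characters, so this description is the place to say that GroupName is accepted as given, with those characters, and whether it is the full distinguished name or only the group's common name. If no wording change is intended, consider dropping this whitespace-only hunk from a functional change.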
@@ -31,7 +36,7 @@
               https://github.com/openbmc/docs/blob/master/user_management.md
       returns:
         - name: Path
-          type: string
+          type: path
           description: >
             The path for the created privilege mapping object.
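Review bot: Changing the Path return value of Create from "type: string" to "type: path" changes the method's D-Bus reply signature from s to o, which is not mentioned in the commit message. Existing callers that unpack the reply as a string will need to be updated together with this change; please note the interface break in the commit message and reference the dependent changes if there are any.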