Re: [Freeipa-devel] expanding the LDAP tree

John Dennis wrote:
I would like to add a new branch to our LDAP tree to store radius configuration information and I thought I would sanity check where I expect it belongs and how to add it. Yes/No/Comments welcome.

I think the appropriate place is just under the suffix in a node called 'services' then each service can add their name below it and their data below that. For example:

dn: cn=radius,cn=services,$SUFFIX
dn: cn=clients,cn=radius,cn=services,$SUFFIX

Sound reasonable?

I also presume bootstrap-template.ldif is the place to create these, right?

I also presume we would want to set an Admin Write ACL on cn=services,$SUFFIX and Read ACS on each of it's children limited to the service and admin.

Sounds good.


