[Freeipa-devel] [PATCH] radius work, please review

Simo Sorce ssorce at redhat.com
Thu Nov 29 23:56:18 UTC 2007 

On Thu, 2007-11-29 at 18:21 -0500, John Dennis wrote:
> Simo Sorce wrote:
> > On Thu, 2007-11-29 at 13:00 -0500, John Dennis wrote:
> >>    bootstrap-template.ldif: adds radius clients and profiles
> >> containers
> >>    under cn=services,cn=etc
> > 
> > Replying just to this right now.
> > It seem you are going to have quite some data there, I think it may be
> > more appropriate to have your own cn=radius tree, and put that stuff
> > there, like we do with the kerberos stuff under cn=kerberos
> 
> Argh, it is under it's own radius tree, the above was a cut-n-paste 
> error on my part when I wrote the email, it is cn=radius,cn=services,cn=etc.

I mean s/,cn=services,cn=etc// 

> > cn=etc is meant to be the place where you put the system configuration
> > data, not the systems applications data.
> 
> Well, I had wanted to do this (from a previous email of mine):
> 
>  > > I think the appropriate place is just under the suffix in a node
>  > > called 'services' then each service can add their name below it and
>  > > their data below that. For example:
>  > >
>  > > dn: cn=radius,cn=services,$SUFFIX
>  > > dn: cn=clients,cn=radius,cn=services,$SUFFIX

Not sure we really need to prefix radius with services, but this is
better, yes.

> But then Pete Rowley wrote in his review:
> 
>  > I think cn=services should be in cn=etc
> 
> so that's what I did, maybe Pete didn't understand this was service 
> data, not configuration data.

Yes I think Pete thought you were talking about the service
configuration not the service data.

> I guess the kerberos data landed in:
> 
> dn: cn=kerberos,$SUFFIX

Most of it, not all, Kerberos data is in each user and service entry as
well, and will be in every computer entry too.

> I would argue (as I suggested above) it should be instead be located 
> under services and not as a child of the root, e.g.:
> 
> dn: cn=kerberos,cn=services,$SUFFIX

Kerberos is so fundamental it deserves it's own container.

> But that's me wanting to use tree structure, which I guess is out of 
> fashion :-)

No, trees are ok, I love nature :-P

Seriously though, a tree structure is ok, but not to be abused.

Simo.

Simo.

-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |

More information about the Freeipa-devel mailing list