[Freeipa-devel] [PATCH] ldif and acis for config

Simo Sorce ssorce at redhat.com
Tue Oct 23 15:04:54 UTC 2007


On Tue, 2007-10-23 at 07:38 -0700, Pete Rowley wrote:
> Kevin McCarthy wrote:
> > Simo Sorce wrote:
> >   
> >> On Mon, 2007-10-22 at 14:08 -0700, Kevin McCarthy wrote:
> >>     
> >>> This is a proposal for config entries.  I've created a global and
> >>> local entry.  The idea (which will be coded next) is to read the
> >>> global entry first, then overwrite with values in local (if any).
> >>> So each ipa "node" could tweak independently.
> >>>       
> >> but cn=etc is replicated globally in all its contents now ...  maybe
> >> you can have a container with the server's own name to do non-global
> >> conf, but just using "local" on all nodes is not going to help you :)
> >>
> >>     
> >>> Also, I've currently created anonymous access to the config entries.
> >>> I'd ideally like to cache the config at startup, or maybe first hit.
> >>>       
> >> Is there a reason why? Who is going to be the consumer?
> >>     
> >
> > Pete mentioned it as an idea, but didn't really "bake" how it should be.
> > That's why I threw this out though, to get some ideas/feedback.
> >
> >   
> cn=local should be an unreplicated backend.

No, it would make management of many servers more difficult as then you
have to contact each IPA Server, both to check what the settings are and
to change them.
It would be a non-starter.
Keeping a container named after the server resolves the problem and
keeps stuff easily manageable and audit-able.

Simo.



