[Freeipa-devel] [PATCH] Add new env variables. 'container_dns' for DNS plugin, 'use_ldap2' for new LDAP backend debugging.
Martin Nagy
mnagy at redhat.com
Tue Apr 21 14:57:52 UTC 2009
On Tue, 21 Apr 2009 10:35:54 -0400, Rob Crittenden
<rcritten at redhat.com> wrote:
> Martin Nagy wrote:
> > On Tue, 21 Apr 2009 10:21:17 -0400, Rob Crittenden
> > <rcritten at redhat.com> wrote:
> >
> >> Martin Nagy wrote:
> >>> On Tue, 21 Apr 2009 10:02:07 -0400, Rob Crittenden
> >>> <rcritten at redhat.com> wrote:
> >>>
> >>>> Pavel Zuna wrote:
> >>>>> container_dns is required by the DNS plugin (currently being
> >>>>> reviewed).
> >>>>>
> >>>>> use_ldap2 is for testing purposes: just a temporary and should
> >>>>> be deleted after we switch completely to the new LDAP backend.
> >>>>>
> >>>>> Pavel
> >>>>>
> >>>> What will be stored in cn=dns? I haven't seen the plugin.
> >>> DNS records for the bind LDAP plug-in.
> >>>
> >> Ok, maybe this has been discussed before and I've forgotten, but
> >> is there going to be any linkage between DNS host entries and
> >> cn=hosts? Should any referential integrity be done? It is quite a
> >> rat hole if we start down that path.
> >
> > IIRC we (me, Simo and Dmitri) agreed that there won't be any
> > linkage. At best, we could provide a link from one to the other in
> > the Web UI, but that's not necessary at all. Everything under
> > cn=dns will be used by the DNS server, so there might actually be
> > records that IPA has no idea about. It's basically just a
> > replacement for flat zone files.
> >
> > Martin
>
> Ok, we can always add that in the future too.
>
> So in v1 when creating principals we would do a DNS lookup to ensure
> that the host existed. Is it safe to say that this can be replaced
> with an internal lookup for the host or should we stick with DNS?
Let's stick with DNS. We want to be able to support external DNS
servers.
Martin
More information about the Freeipa-devel
mailing list