[Freeipa-devel] Adding indices and permissions to FreeIPA
Martin Kosek
mkosek at redhat.com
Tue May 15 06:51:33 UTC 2012
On Tue, 2012-05-15 at 09:15 +0930, William Brown wrote:
> Hi,
>
>
> I am currently working on adding DHCP support, so that FreeIPA can
> control an ISC-DHCP server.
>
>
> As part of this, I need to add a number of indices to 389ds, as well
> as a number of permissions (ACIs) and groups to manage these.
>
>
> Is there a specific way to add these? Should they be added as part of
> the DHCP feature installation process, or should they be part of the
> base server install?
Hello William,
in FreeIPA there are 2 common ways to add indices to the DS:
1) LDIFs in the installation process (ipa-server-install)
You can see for example install/share/replica-s4u2proxy.ldif in our git
repo. In ipaserver/install/dsinstance.py shows how it is sent to LDAP.
2) LDAP update files that are used to update an already installed IPA
server when freeipa-server package is being updated. These update files
are created when there are changes to the LDIFs that were used in
standard IPA installation.
An example: install/updates/30-s4u2proxy.update
Since you are implementing a new feature that is not present on already
installed IPA servers, I think the best approach would be to implement
an install script "ipa-dhcp-install" (analogous to
install/tools/ipa-dns-install) which could be used to optionally install
this feature to running IPA server. This script would do all the needed
set up and add the necessary DS indices via LDIFs as I described in case
1).
HTH,
Martin
More information about the Freeipa-devel
mailing list