[Freeipa-devel] [RFE] List of IPA realm domains

Sumit Bose sbose at redhat.com
Thu Feb 7 13:38:32 UTC 2013


On Thu, Feb 07, 2013 at 01:57:18PM +0100, Petr Spacek wrote:
> On 7.2.2013 13:38, Sumit Bose wrote:
> >On Wed, Feb 06, 2013 at 06:27:26PM +0100, Ana Krivokapic wrote:
> >>Hello,
> >>
> >>Below is a design page for ticket:
> >>https://fedorahosted.org/freeipa/ticket/2945.
> >>
> >>There are a couple of questions in the text.
> >
> >about 'Do we also need to check if the domain is accessible through
> >DNS?' I think it would be good to print a warning that no SOA or NS
> >record was found for the domain. But I think there might be cases where
> >the domain is added to the realmdomains first and then the DNS zone is
> >created. So my suggestion would be either
> >- not fail and print a warning or
> >- fail but allow to skip the check with a --force option.
> +1 for --force option
> 
> I added questions about interaction with "ipa dnszone-add" to design document:
> http://www.freeipa.org/page/V3/Realm_Domains
> 
> Should dnszone-del delete associatedDomain when whole DNS zone is being deleted?

I think no, because the related host and service objects will still be
available. E.g. the zone will be deleted because it will be managed by a
different DNS server of the hosts are still in IPA.

> 
> Should dnszone-add offer an option to create associatedDomain
> attribute for the new zone?

yes, that would be useful. Although I think the hook suggested by Ana
during 'ipa host-add' is good, because at this stage the domain is
really used in the sense that there is a Kerberos principal with the
domain in it.

bye,
Sumit

> 
> Petr^2 Spacek
> 
> >I think you should discuss in 'Updates and Upgrades' if and how cn=Realm
> >Domains,cn=ipa,cn=etc,$SUFFIX is created during updates.
> >
> >bye,
> >Sumit
> >>
> >>Thoughts, comments welcome!
> >>
> >>http://www.freeipa.org/page/V3/Realm_Domains
> 
> -- 
> Petr^2 Spacek
> 