[Freeipa-users] The concept of sites...

Simo Sorce simo at redhat.com
Wed Oct 19 19:27:07 UTC 2011


On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote:
> On 10/19/2011 03:14 PM, Sigbjorn Lie wrote:
> > Hi,
> >
> > Has any thought been given to the concept of sites within IPA to
> > improve cross-site implementations? This should be easy to implement
> > as you are already using DNS SRV records to locate the ldap/kerberos
> > servers.
> >
> > E.g.
> > Site: Boston
> > Site: London
> >
> >
> > Create a subdomain of the IPA dns domain named _sites, and a subdomain
> > of _sites for each site.
> >
> > Boston._sites.ipa.domain.com would contain the srv entries for IPA
> > servers in Boston:
> > _ldap._tcp        in    srv    0 100 389 boston-ipa-server1
> > _ldap._tcp        in    srv    0 100 389 boston-ipa-server2
> > .....
> >
> > London._sites.ipa.domain.com would contain the srv entries for IPA
> > servers in London:
> > _ldap._tcp        in    srv    0 100 389 london-ipa-server1
> > _ldap._tcp        in    srv    0 100 389 london-ipa-server2
> > ....
> >
> > Now point the client's DNS "search" entry to point to the local site
> > first, then search the full name space:
> > Boston client's /etc/resolv.conf:
> > search Boston._sites.ipa.domain.com ipa.domain.com
> >
> > London client's /etc/resolv.conf:
> > search London._sites.ipa.domain.com ipa.domain.com
> >
> >
> > The main ipa.domain.com could still contain srv records for all IPA
> > servers, or selected IPA servers at the central hub.
> >
> > I know I can do this manually within the DNS management in IPA today,
> > however it would be a lot easier to maintain "Sites" within the IPA
> > webui/cli. *blink* ;)
> >
> > What are your thoughts on this?
> >
> >
> >
> Please file an RFE in BZ.

Please take a look at this document before filing any bz:
http://freeipa.org/page/DNS_Location_Discovery

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
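
The site lookup proposed in the quoted message, as an added example (not from this thread or from FreeIPA): it parses SRV lines in the format shown above, walks a resolv.conf search list in order, and falls back to the parent domain when a site zone has no records. The zone contents and the "Paris" site are constructed sample data, and ordering by priority then weight is a deterministic simplification of RFC 2782 weighted selection.

```python
# Constructed sample zones following the layout proposed in the message.
ZONES = {
    "boston._sites.ipa.domain.com": """
_ldap._tcp        in    srv    0 100 389 boston-ipa-server1
_ldap._tcp        in    srv    0 100 389 boston-ipa-server2
""",
    "london._sites.ipa.domain.com": """
_ldap._tcp        in    srv    0 100 389 london-ipa-server1
_ldap._tcp        in    srv    0 100 389 london-ipa-server2
""",
    # Parent domain: here it lists every server (one of the two options mentioned).
    "ipa.domain.com": """
_ldap._tcp        in    srv    0 100 389 boston-ipa-server1
_ldap._tcp        in    srv    0 100 389 boston-ipa-server2
_ldap._tcp        in    srv    0 100 389 london-ipa-server1
_ldap._tcp        in    srv    0 100 389 london-ipa-server2
""",
}

def parse_srv(zone_text):
    """Map owner name -> list of (priority, weight, port, target)."""
    records = {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 7 or [f[1].lower(), f[2].lower()] != ["in", "srv"]:
            continue  # skip blanks, "....." filler and non-SRV lines
        prio, weight, port = (int(x) for x in f[3:6])
        records.setdefault(f[0].lower(), []).append((prio, weight, port, f[6]))
    return records

def parse_search(resolv_conf):
    """Return the search domains; the last 'search' line wins."""
    domains = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if parts and parts[0] == "search":
            domains = [d.lower().rstrip(".") for d in parts[1:]]
    return domains

def discover(service, resolv_conf, zones=ZONES):
    """Return (answering domain, [(target, port), ...]) for the first hit."""
    for domain in parse_search(resolv_conf):
        records = parse_srv(zones.get(domain, "")).get(service.lower())
        if records:
            ordered = sorted(records, key=lambda r: (r[0], -r[1], r[3]))
            return domain, [(r[3], r[2]) for r in ordered]
    return None, []

if __name__ == "__main__":
    print(discover("_ldap._tcp", "search Boston._sites.ipa.domain.com ipa.domain.com"))
    print(discover("_ldap._tcp", "search Paris._sites.ipa.domain.com ipa.domain.com"))
```

Comparing the answering domain against the client's expected site shows which clients are silently falling back to the parent domain.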



