On 06/07/11 05:32, William Schumann wrote:
Dave, Doug Leavitt, Frank, et al,
Doug, does it offer any substantial benefit to allow the user to
configure all of DNS+NIS+LDAP (as opposed to only DNS+NIS and DNS+LDAP
discussed below)?
No. In fact we don't technically support DNS+NIS+LDAP at the same time
because the configuration management is generally too hard. For
instance both NIS and LDAP require setting nis/domain.
And their usage is often different. With NIS, nis/domain (specifically
SI_SET_SRPC_DOMAIN) is used as the domainname using with bind to find
to. At Sun that was often based on local subnet domains (aka
mpklabs.sfbay.sun.com). While in LDAP it is directly related to the
LDAP base DN (at Sun it was sun.com or sfbay.sun.com aka
dc=sfbay,dc=sun,dc=com) on the same mpklabs.sfbay.sun.com subdomain.
So in Sun's case they could not be combined without first
restructuring all of NIS on SWAN.
I believe the admin guide specifically states that we currently don't
support configurations like this.
Side note:
Technically the code does work, and technically we do test this each
time nss2 is run in PIT/DIYPIT, but it has never been supported
because the administration tools (ldapclient, ypinit etc.) are not up
to the task.
The duckwater project was going to try to clean this up, but it never
saw the light of day.
In the phase 2 work for nss2smf work I would like us to fix some of the
issues (such as decoupling ldap/client and fixing it so that it does
not have dependency on nis/domain). That's why I chose nis/domain to
be nis/domain and not naming/domain etc. LDAP use of
SI_SET_SRPC_DOMAIN is IMO a flaw stemming back to Solaris8/9.
So for now we only support files/dns/etc and one of either NIS or LDAP
at a time.
On 06/ 3/11 05:22 PM, Dave Miner wrote:
On 06/ 3/11 04:44 AM, William Schumann wrote:
In order to provide more than one name service in the text
installer/SCI tool, proposing modifications to the UI. Please review
and comment on this rough draft.
Change name service selection screen, (which presently allows the user
to choose only one among DNS, LDAP, NIS, or None):
offer check boxes instead of a single selection. The user will be
subsequently prompted for configuration of whichever name services were
checked.
It's not clear that a DNS+NIS+LDAP is required, or even sensible.
I'd like Doug and the naming team's feedback there. DNS+NIS or
DNS+LDAP is known to be useful, which is what I'd suggested initially.
The intent of offering the checkbox list was not to expressly include
support for DNS+NIS+LDAP, nor was it disregarding your initial
suggestion, but it seems cleaner from a UI standpoint to have the user
check the desired services and later be prompted for information
related to that service, while allowing detailed source definition.
Closer to your suggestion, consider this modification to the proposal:
Modify the Name Service selection screen as follows:
-------------------------
Name Service
Configure DNS?
Yes (default)
No
Configure a name service from the list below:
None (default)
LDAP
NIS
---------------------
Navigation for a text-based UI may be an issue here: if the user
wants DNS + LDAP or NIS, what sequence must be typed to effect this
(without accidentally disabling DNS, that is)? tab, down-arrow? These
could be separated on different screens for clarity.
None/NIS/LDAP should be "pick one of". See above.
Add another screen after all name service-specific prompting for the
user to enter name service sources, per nsswitch.conf(4).
I'm not a fan of adding this screen. I don't want to be in the
business of full customization/management of nameservices, we provide
initial setup only because it's often necessary to get the system to
operate reasonably correctly.
OK
If we're going to do anything with nsswitch, I'd consider just
prompting for a profile URL rather than the default profile that will
be applied based on the previous selection.
This sounds nice. It does, however, rely upon networking to be up and
could not be effected by SCI tool directly.
Consider the following sources for svc:network/name-service-switch,
adapted from an earlier suggestion from Dave (either not displayed to
user, or perhaps included on summary screen):
for LDAP + DNS:
default: files dns
printers: user files ldap
for LDAP + DNS
default: files ldap
host: files dns
printer: user files ldap
for NIS + DNS
default: files dns
printers: user files nis
Similarly for DNS + NIS
default: files nis
host: files dns
printer: user files nis
Doug.
Thank you,
William
_______________________________________________
caiman-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss