On 04/25/2011 12:00 PM, Simo Sorce wrote:
> On Mon, 2011-04-25 at 14:59 +0000, JR Aquino wrote:
>> On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
>>> On Thu, 2011-04-21 at 23:28 +0000, JR Aquino wrote:
>>>> Both Private Groups and the Hostgroup -> Netgroup Managed Entries
>>>> create objects in the container:
>>>> cn=Managed Entries,cn=plugins,cn=config
>>>> Each Ldif contains 2 ldap objects. One that lives in the main $SUFFIX,
>>>> and one in the cn=config
>>>> How will these be treated by replication and the multi masters?
>>> Only the common objects in the public suffix are replicated.
>>> I think at some point we discussed that we should use a filter in the
>>> private config entry made so that we could enable/disable the plugin by
>>> simply making the filter result true/false.
>>> Thus not ever touch the entries in cn=config but simply
>>> "enable"/"disable" the functionality by (not)adding the appropriate
>>> attributes to objects so that filters would (not) match.
>> This tool works by toggling the originfilter: objectclass=disabled in order
>> to turn off the plugin.
> But this is backwards, because originfilter is defined in the
> configuration entry stored in cn=config
> Meaning as soon as you change it one server will behave differently from
> the others until you go and change it on each and every server.
This is a problem with the place where we store the configuration since
it is not replicated. But I am concerned about moving it to some other
Any ideas of what would be a "proper" solution to make the change affect
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list