On Apr 25, 2011, at 9:00 AM, Simo Sorce wrote: > On Mon, 2011-04-25 at 14:59 +0000, JR Aquino wrote: >> On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote: >> >>> On Thu, 2011-04-21 at 23:28 +0000, JR Aquino wrote: >>>> Hmmm >>>> Both Private Groups and the Hostgroup -> Netgroup Managed Entries >>>> create objects in the container: >>>> cn=Managed Entries,cn=plugins,cn=config >>>> >>>> Each Ldif contains 2 ldap objects. One that lives in the main $SUFFIX, >>>> and one in the cn=config >>>> >>>> How will these be treated by replication and the multi masters? >>> >>> Only the common objects in the public suffix are replicated. >>> I think at some point we discussed that we should use a filter in the >>> private config entry made so that we could enable/disable the plugin by >>> simply making the filter result true/false. >>> Thus not ever touch the entries in cn=config but simply >>> "enable"/"disable" the functionality by (not)adding the appropriate >>> attributes to objects so that filters would (not) match. >>> >>> Simo. >> >> This tool works by toggling the originfilter: objectclass=disabled in order >> to turn off the plugin. > > But this is backwards, because originfilter is defined in the > configuration entry stored in cn=config > > Meaning as soon as you change it one server will behave differently from > the others until you go and change it on each and every server.
Finally able to revisit this Patch / Ticket: (To be used in conjunction with Patch 38) 25 Create Tool for Enabling/Disabling Managed Entry Plugins https://fedorahosted.org/freeipa/ticket/1181 Remove legacy ipa-host-net-manage Add ipa-managed-entries tool Add man page for ipa-managed-entries tool
_______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel