On Apr 25, 2011, at 9:00 AM, Simo Sorce wrote:

> On Mon, 2011-04-25 at 14:59 +0000, JR Aquino wrote:
>> On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
>>> On Thu, 2011-04-21 at 23:28 +0000, JR Aquino wrote:
>>>> Hmmm
>>>> Both Private Groups and the Hostgroup -> Netgroup Managed Entries
>>>> create objects in the container:
>>>> cn=Managed Entries,cn=plugins,cn=config
>>>> Each Ldif contains 2 ldap objects. One that lives in the main $SUFFIX,
>>>> and one in the cn=config
>>>> How will these be treated by replication and the multi masters?
>>> Only the common objects in the public suffix are replicated.
>>> I think at some point we discussed that we should use a filter in the
>>> private config entry made so that we could enable/disable the plugin by
>>> simply making the filter result true/false.
>>> Thus not ever touch the entries in cn=config but simply
>>> "enable"/"disable" the functionality by (not)adding the appropriate
>>> attributes to objects so that filters would (not) match.
>>> Simo.
>> This tool works by toggling the originfilter: objectclass=disabled in order 
>> to turn off the plugin.
> But this is backwards, because originfilter is defined in the
> configuration entry stored in cn=config
> Meaning as soon as you change it one server will behave differently from
> the others until you go and change it on each and every server.

Finally able to revisit this Patch / Ticket:
(To be used in conjunction with Patch 38)

25 Create Tool for Enabling/Disabling Managed Entry
Plugins https://fedorahosted.org/freeipa/ticket/1181

Remove legacy ipa-host-net-manage
Add ipa-managed-entries tool
Add man page for ipa-managed-entries tool

Attachment: binnZSMRerxG0.bin
Description: freeipa-jraquino-0025-Create-Tool-for-Enabling-Disabling-Managed-Entries.patch

Freeipa-devel mailing list

Reply via email to