I realized one general problem we have with user interfaces for IPA & default
values for various configuration options.
Let me use DNS dynamic update as an example:
- We have "built-in" default configuration (disabled)
- We have "global" configuration object (ipaDnsConfig)
- We have "per-object" configuration (in each DNS zone)
IMHO user interface would be more usable if user can *see* which value is
effective for particular service (and more generally any other object).
At the moment, command "ipa dnszone-show example.com" will not show "dynamic
update" value if it is not configured in the zone itself.
[root@ipa1 ~]# ipa dnszone-show example.com
Zone name: example.com
Authoritative nameserver: ipa1.example.com.
Administrator e-mail address: hostmaster.example.com.
SOA serial: 1360583295
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Active zone: TRUE
Allow query: any;
Allow transfer: none;
# No "Dynamic update" value is shown above ...
$ ipa dnsconfig-show
[root@ipa1 ~]# ipa dnsconfig-show
Global DNS configuration is empty
What is the built-in default? It is in bind-dyndb-ldap documentation ...
It is hard to debug things when you can't *see* effective value. IMHO it would
be good to add lines like:
Dynamic update: FALSE (inherited built-in default)
Dynamic update: FALSE (inherited global configuration)
+ some graphical representation of same thing to WebUI.
Exactly same problem applies to PAC type for each service etc, so some general
solution would be nice.
Microsoft has something called "Resultant Set of Policy" for this purpose.
Freeipa-devel mailing list