Hello list,

I realized one general problem we have with user interfaces for IPA & default values for various configuration options.

Let me use DNS dynamic update as an example:
- We have "built-in" default configuration (disabled)
- We have "global" configuration object (ipaDnsConfig)
- We have "per-object" configuration (in each DNS zone)

IMHO user interface would be more usable if user can *see* which value is effective for particular service (and more generally any other object).

At the moment, command "ipa dnszone-show example.com" will not show "dynamic update" value if it is not configured in the zone itself.

[root@ipa1 ~]# ipa dnszone-show example.com
  Zone name: example.com
  Authoritative nameserver: ipa1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1360583295
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;

# No "Dynamic update" value is shown above ...

$ ipa dnsconfig-show
[root@ipa1 ~]# ipa dnsconfig-show
Global DNS configuration is empty

What is the built-in default? It is in bind-dyndb-ldap documentation ...

It is hard to debug things when you can't *see* effective value. IMHO it would be good to add lines like:
  Dynamic update: FALSE (inherited built-in default)
  Dynamic update: FALSE (inherited global configuration)

+ some graphical representation of same thing to WebUI.

Exactly same problem applies to PAC type for each service etc, so some general solution would be nice.

Microsoft has something called "Resultant Set of Policy" for this purpose.

Petr^2 Spacek

Freeipa-devel mailing list

Reply via email to