On 10/14/2014 02:39 PM, Simo Sorce wrote:
On Tue, 14 Oct 2014 10:12:24 +0200
Ludwig Krispenz <lkris...@redhat.com> wrote:
ok for me, I was just straightforward reading cn=config to get
cn=config info, but I like the idea to do it via rootdse.
we have to expose the suffix(es) controlled by the topology plugin
and the entry point for the shared config info.
I was thinking in rootDSE we'd expose just if the feature was available.
For IPA that would suffice, for generic 389ds then you'd have top look
at configuration to find DNs.
I am not sure exposing DNs directly from rootDSE is necessary.
I had two cases in mind, which I think would apply to IPA.
- in an IPA installation in many scenarios you two suffixes:
"dc=.....,dc=com" and "o=ipaca". It could be possible to use the plugin
to manage "dc=.." only. Or do you say it's all or nothing ?
If there is a choice, client utilities need to be able to find out which
suffix is managed.
- even in an ipa installation nobody prevents an admin to add other
backends to the directory server for other usage, so you might have
"dc=example,dc=com"
"dc=test,dc=com"
"dc=anotherbackend,dc=com"
"o=ipaca"
in which suffix is the shared topology data ? should we query each
suffix to see if something useful is returned ?
Simo.
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel