On Fri, 16 Sep 2011, Simo Sorce wrote:
> As a proof of concept sounds nice, but as is this would be bad, as
> changes to /etc/ipa/server.conf are not replicated through all masters.
> So a change on one server would require manual synchronization to all
> others or users create from one server will trigger something while
> users create through another will trigger something else.
> Also the issue is that this script is run as the apache user so you'd
> have to give that user access as root (passwordless private ssh key ?
> For things like this I think we should provide a more sophisticated
> mechanism in many ways, maybe we should discuss on freeipa-devel
Sure. I only wanted to show how large is amount of work to hook
something in. You can treat my POC as means to provoke discussion. :)
/ Alexander Bokovoy
Freeipa-users mailing list