On 10/19/2011 03:14 PM, Sigbjorn Lie wrote:
> Has there been given any thought to the concept of sites within IPA to
> improve cross-site implementations? This should be easy to implement
> as you are already using DNS SRV records to locate the ldap/kerberos
> Site: Boston
> Site: London
> Create a subdomain of the IPA dns domain named _sites, and a subdomain
> of _sites for each site.
> Boston._sites.ipa.domain.com would contain the srv entries for IPA
> servers in Boston:
> _ldap._tcp in srv 0 100 389 boston-ipa-server1
> _ldap._tcp in srv 0 100 389 boston-ipa-server2
> London._sites.ipa.domain.com would contain the srv entries for IPA
> servers in London:
> _ldap._tcp in srv 0 100 389 london-ipa-server1
> _ldap._tcp in srv 0 100 389 london-ipa-server2
> Now point the client's DNS "search" entry to point to the local site
> first, then search the full name space:
> Boston client's /etc/resolv.conf:
> search Boston._sites.ipa.domain.com ipa.domain.com
> London client's /etc/resolv.conf:
> search London._sites.ipa.domain.com ipa.domain.com
> The main ipa.domain.com could still contain srv records for all IPA
> servers, or selected IPA servers at the central hub.
> I know I can do this manually within the DNS management in IPA today,
> however it would be a lot easier to maintain "Sites" within the IPA
> webui/cli. *blink* ;)
> What are your thoughts on this?
Please file an RFE in BZ.
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
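
The lookup order the proposal relies on, as an added example that is not part of the original thread: a Python simulation of a glibc-style search-list lookup over constructed zone data mirroring the records quoted above. The contents of the hub zone (all four servers) and the `Oslo` site with no records are assumptions made for illustration.

```python
# Constructed zone data; names are stored lowercase because DNS is case-insensitive.
SRV = lambda host: (0, 100, 389, host)  # (priority, weight, port, target)
BOSTON = [SRV("boston-ipa-server1"), SRV("boston-ipa-server2")]
LONDON = [SRV("london-ipa-server1"), SRV("london-ipa-server2")]
ZONE = {
    "_ldap._tcp.boston._sites.ipa.domain.com": BOSTON,
    "_ldap._tcp.london._sites.ipa.domain.com": LONDON,
    # Assumption: the hub zone lists every IPA server.
    "_ldap._tcp.ipa.domain.com": BOSTON + LONDON,
}


def candidates(name, search, ndots=1):
    """Return the query names in the order a glibc-style stub resolver tries them."""
    if name.endswith("."):
        return [name.rstrip(".").lower()]  # fully qualified: no search list
    expanded = [f"{name}.{suffix}".lower() for suffix in search]
    absolute = name.lower()
    # A name with at least `ndots` dots is tried as-is first, otherwise last.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]


def locate(name, search, zone=ZONE):
    """Return (answering name, ordered targets) for the first name with SRV data."""
    for qname in candidates(name, search):
        records = zone.get(qname)
        if records:
            # Lowest priority value wins. Real clients pick among equal
            # priorities by weighted random choice (RFC 2782); this sketch
            # sorts by weight so the result is deterministic.
            ordered = sorted(records, key=lambda r: (r[0], -r[1]))
            return qname, [r[3] for r in ordered]
    return None, []


if __name__ == "__main__":
    sites = {
        "Boston": ["Boston._sites.ipa.domain.com", "ipa.domain.com"],
        "London": ["London._sites.ipa.domain.com", "ipa.domain.com"],
        "Oslo": ["Oslo._sites.ipa.domain.com", "ipa.domain.com"],  # no site records
    }
    for site, search in sites.items():
        print(site, *locate("_ldap._tcp", search))
```

A site whose subdomain holds no SRV records falls through to the second search entry, so the hub zone decides which servers such a client reaches.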