On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote:
> On 10/19/2011 03:14 PM, Sigbjorn Lie wrote:
> > Hi,
> >
> > Has any thought been given to the concept of sites within IPA to
> > improve cross-site implementations? This should be easy to implement
> > as you are already using DNS SRV records to locate the ldap/kerberos
> > servers.
> >
> > E.g.
> > Site: Boston
> > Site: London
> >
> >
> > Create a subdomain of the IPA dns domain named _sites, and a subdomain
> > of _sites for each site.
> >
> > Boston._sites.ipa.domain.com would contain the srv entries for IPA
> > servers in Boston:
> > _ldap._tcp in srv 0 100 389 boston-ipa-server1
> > _ldap._tcp in srv 0 100 389 boston-ipa-server2
> > .....
> >
> > London._sites.ipa.domain.com would contain the srv entries for IPA
> > servers in London:
> > _ldap._tcp in srv 0 100 389 london-ipa-server1
> > _ldap._tcp in srv 0 100 389 london-ipa-server2
> > ....
> >
> > Now point the client's DNS "search" entry to point to the local site
> > first, then search the full name space:
> > Boston client's /etc/resolv.conf:
> > search Boston._sites.ipa.domain.com ipa.domain.com
> >
> > London client's /etc/resolv.conf:
> > search London._sites.ipa.domain.com ipa.domain.com
> >
> >
> > The main ipa.domain.com could still contain srv records for all IPA
> > servers, or selected IPA servers at the central hub.
> >
> > I know I can do this manually within the DNS management in IPA today,
> > however it would be a lot easier to maintain "Sites" within the IPA
> > webui/cli. *blink* ;)
> >
> > What are your thoughts on this?
> >
> >
> Please file an RFE in BZ.

Please take a look at this document before filing any bz:
http://freeipa.org/page/DNS_Location_Discovery

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
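
The lookup order the proposal in this thread relies on, as an added example that is not part of the original messages and is not FreeIPA code: a small offline model of a stub resolver applying the `search` list to the relative name `_ldap._tcp`. The zone contents are constructed from the records quoted above, and the function names and the `Oslo` site are hypothetical.

```python
# Constructed zone data modelling the proposal: per-site SRV sets under _sites
# and a global set in the parent domain. Tuples are (priority, weight, port, target).
SITE = lambda s: [(0, 100, 389, f"{s}-ipa-server{i}") for i in (1, 2)]
ZONE = {
    "_ldap._tcp.boston._sites.ipa.domain.com": SITE("boston"),
    "_ldap._tcp.london._sites.ipa.domain.com": SITE("london"),
    "_ldap._tcp.ipa.domain.com": SITE("boston") + SITE("london"),
}

def parse_search(resolv_conf):
    """Return the search list from resolv.conf text (the last 'search' line wins)."""
    search = []
    for line in resolv_conf.splitlines():
        fields = line.split("#")[0].split()
        if fields and fields[0] == "search":
            # DNS names compare case-insensitively, so normalise to lower case.
            search = [d.lower().rstrip(".") for d in fields[1:]]
    return search

def candidates(name, search, ndots=1):
    """Names a stub resolver tries, in order, for a possibly relative name."""
    name = name.lower()
    if name.endswith("."):            # already absolute: no search list applied
        return [name.rstrip(".")]
    suffixed = [f"{name}.{d}" for d in search]
    # A name with at least `ndots` dots is tried as-is before the search list.
    return [name] + suffixed if name.count(".") >= ndots else suffixed + [name]

def locate(service, resolv_conf, zone=ZONE):
    """Return (answering name, targets) for the first candidate with SRV data."""
    for qname in candidates(service, parse_search(resolv_conf)):
        records = zone.get(qname)
        if records:
            # Lowest priority first; weighted selection is simplified to
            # highest weight first within a priority.
            ordered = sorted(records, key=lambda r: (r[0], -r[1]))
            return qname, [target for _, _, _, target in ordered]
    return None, []

if __name__ == "__main__":
    for site in ("Boston", "London", "Oslo"):   # Oslo has no site records
        conf = f"search {site}._sites.ipa.domain.com ipa.domain.com\n"
        print(site, locate("_ldap._tcp", conf))
```

A client that builds the fully qualified SRV name from its configured domain never consults the search list, so this ordering applies only to lookups of the relative name.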