On Wed, 2011-10-19 at 15:24 -0400, Dmitri Pal wrote:
> On 10/19/2011 03:14 PM, Sigbjorn Lie wrote:
> > Hi,
> >
> > Has there been given any thought to the concept of sites within IPA to
> > improve cross-site implementations? This should be easy to implement
> > as you are already using DNS SRV records to locate the ldap/kerberos
> > servers.
> >
> > E.g.
> > Site: Boston
> > Site: London
> >
> >
> > Create a subdomain of the IPA dns domain named _sites, and a subdomain
> > of _sites for each site.
> >
> > Boston._sites.ipa.domain.com would contain the srv entries for IPA
> > servers in Boston:
> > _ldap._tcp        in    srv    0 100 389 boston-ipa-server1
> > _ldap._tcp        in    srv    0 100 389 boston-ipa-server2
> > .....
> >
> > London._sites.ipa.domain.com would contain the srv entries for IPA
> > serers in London:
> > _ldap._tcp        in    srv    0 100 389 london-ipa-server1
> > _ldap._tcp        in    srv    0 100 389 london-ipa-server2
> > ....
> >
> > Now point the client's DNS "search" entry to point to the local site
> > first, then search the full name space:
> > Boston client's /etc/resolv.conf:
> > search Boston._sites.ipa.domain.com ipa.domain.com
> >
> > London client's /etc/resolv.conf:
> > search London._sites.ipa.domain.com ipa.domain.com
> >
> >
> > The main ipa.domain.com could still contain srv records for all IPA
> > servers, or selected IPA servers at the central hub.
> >
> > I know I can do this manually within the DNS managment in IPA today,
> > however it would be a lot easier to maintain "Sites" within the IPA
> > webui/cli. *blink* ;)
> >
> > What's your thoughts on this?
> >
> >
> >
> Please file an RFE in BZ.

Please take a look at this document before filing any bz:
http://freeipa.org/page/DNS_Location_Discovery

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to