Hello,

On 21.5.2014 13:31, Davis Goodman wrote:
ldapsearch -D "cn=Directory Manager” -W -LLL -x -b
cn=ipa-ldap-delegation,cn=s4u2proxy,cn=etc,dc=ddistrict,dc=int""


Please note that domain shadowing/hijacking/name collisions are *strongly* discouraged.

You *should not* use domain names you don't own. (According to
http://www.iana.org/cgi-bin/intreg/intreg.pl
domain name 'ddistrict.int' is not registered. Policy for .int registration is on http://www.iana.org/domains/int/policy)

It will cause problems with DNSSEC and it also prevents you from accessing resources on Internet under the colliding name.


I guess that you want to have an internal sub-tree in DNS.
The recommended practice is to use sub-domain of your public (properly registered) domain. E.g.:

'int.digital-district.ca'
or even shorter
'i.digital-district.ca'

I hope this will help you to avoid serious problems in the future.

Have a nice day!

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to