[Freeipa-devel] [PATCH] Initial Radius Work
Simo Sorce
ssorce at redhat.com
Sun Nov 4 01:10:32 UTC 2007
On Sat, 2007-11-03 at 16:15 -0400, John Dennis wrote:
> Simo Sorce wrote:
> > On Sat, 2007-11-03 at 13:59 -0400, John Dennis wrote:
> >> + # FIXME: ldap_server should be derived, not hardcoded to
> >> localhost, also should it be a URL?
> >> + radius.create_instance(realm_name, host_name, 'localhost')
> >> +
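Review bot: the third argument in the radius.create_instance(realm_name, host_name, 'localhost') call pins the LDAP server to a string literal, which the FIXME directly above it already flags. Either derive the value from host_name, which is already in scope at the call, or make the argument optional so a caller can leave the server unspecified. Also settle in the parameter's name or docstring whether it takes a bare hostname or a URL, so the FIXME's open question is answered in one place.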
> >
> > If at all possible, you should let ldap libraries use DNS discovery to
> > find the ldap server, and not force one on them. This will allow
> > automatic fallback eventually. Unless we want to tie a radius server to
> > the local master for some other reasons, in which case you must use
> > gethostname as you need the hostname of the server to get the right
> > kerberos ticket.
> >
>
> Sure, makes sense, but let me ask this then:
>
> The mechanism for discovery is IPADiscovery, right? But that is used
> in a client, the code you called out is in a server install, albeit
> towards the end, will IPADiscovery work correctly this early on, e.g.
> before the server install completes?
No need, ldap libraries can use DNS discovery by themselves as long as
you do not provide a specific server name (AFAIK).
> Also, if you look at funcs.py you'll see this:
>
> class IPAServer:
>
>     def __init__(self):
>         global _LDAPPool
>         # FIXME, this needs to be auto-discovered
>         self.host = 'localhost'
>         self.port = 389
>
> Should that be using IPADiscovery?
It might just use dnsclient.py to search for the SRV record pointed to
by the _ldap._tcp.<domain name> DNS record; the whole IPADiscovery does a
lot of checks that are not necessary for normal use.
Simo.
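
The SRV-based lookup described above, as an added example that is not part of the original message or of FreeIPA's code: it builds the _ldap._tcp.<domain name> query name and orders SRV answers by priority and weight (RFC 2782) into a fallback list of LDAP URIs. The records are constructed sample data and all function names are hypothetical; the dnsclient.py API is not shown on this page, so no resolver call is made.

```python
import random
from collections import namedtuple

# One SRV answer as defined by RFC 2782: priority, weight, port, target host.
SRV = namedtuple("SRV", "priority weight port target")

def srv_query_name(domain, service="ldap", proto="tcp"):
    """Build the owner name to query, e.g. _ldap._tcp.example.com."""
    return "_%s._%s.%s" % (service, proto, domain.strip(".").lower())

def order_srv(records, rng=random):
    """Order SRV records for connection attempts per RFC 2782:
    lowest priority first; within a priority, weighted random selection."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records are placed first in the candidate list so
        # they keep a small chance of being selected (RFC 2782).
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

def ldap_uris(records, rng=random):
    """Turn SRV answers into an ordered list of ldap:// URIs to try in turn."""
    # A target of "." means the service is explicitly not offered (RFC 2782).
    usable = [r for r in records if r.target != "."]
    return ["ldap://%s:%d" % (r.target.rstrip("."), r.port)
            for r in order_srv(usable, rng)]

# Constructed sample answers for _ldap._tcp.example.com (not real hosts).
SAMPLE = [
    SRV(10, 0, 389, "ipa2.example.com."),
    SRV(0, 100, 389, "ipa1.example.com."),
    SRV(10, 50, 389, "ipa3.example.com."),
]

if __name__ == "__main__":
    print(srv_query_name("Example.COM."))
    print(ldap_uris(SAMPLE))
```

A client would try the returned URIs in order and move to the next one on connection failure, which gives the automatic fallback mentioned earlier in the thread.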