[Freeipa-devel] [PATCH] radius work, please review
Simo Sorce
ssorce at redhat.com
Thu Nov 29 23:56:18 UTC 2007
On Thu, 2007-11-29 at 18:21 -0500, John Dennis wrote:
> Simo Sorce wrote:
> > On Thu, 2007-11-29 at 13:00 -0500, John Dennis wrote:
> >> bootstrap-template.ldif: adds radius clients and profiles
> >> containers
> >> under cn=services,cn=etc
> >
> > Replying just to this right now.
> > It seem you are going to have quite some data there, I think it may be
> > more appropriate to have your own cn=radius tree, and put that stuff
> > there, like we do with the kerberos stuff under cn=kerberos
>
> Argh, it is under it's own radius tree, the above was a cut-n-paste
> error on my part when I wrote the email, it is cn=radius,cn=services,cn=etc.
I mean s/,cn=services,cn=etc//
> > cn=etc is meant to be the place where you put the system configuration
> > data, not the systems applications data.
>
> Well, I had wanted to do this (from a previous email of mine):
>
> > > I think the appropriate place is just under the suffix in a node
> > > called 'services' then each service can add their name below it and
> > > their data below that. For example:
> > >
> > > dn: cn=radius,cn=services,$SUFFIX
> > > dn: cn=clients,cn=radius,cn=services,$SUFFIX
Not sure we really need to prefix radius with services, but this is
better, yes.
> But then Pete Rowley wrote in his review:
>
> > I think cn=services should be in cn=etc
>
> so that's what I did, maybe Pete didn't understand this was service
> data, not configuration data.
Yes I think Pete thought you were talking about the service
configuration not the service data.
> I guess the kerberos data landed in:
>
> dn: cn=kerberos,$SUFFIX
Most of it, not all, Kerberos data is in each user and service entry as
well, and will be in every computer entry too.
> I would argue (as I suggested above) it should be instead be located
> under services and not as a child of the root, e.g.:
>
> dn: cn=kerberos,cn=services,$SUFFIX
Kerberos is so fundamental it deserves it's own container.
> But that's me wanting to use tree structure, which I guess is out of
> fashion :-)
No, trees are ok, I love nature :-P
Seriously though, a tree structure is ok, but not to be abused.
Simo.
Simo.
--
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |
More information about the Freeipa-devel
mailing list