[Freeipa-devel] automount in LDAP

[Simo Sorce]

On Fri, 2008-11-07 at 20:35 -0500, Dmitri Pal wrote:

> > Determining the location of the client is indeed only a precondition to
> > determine which services to use. Depending on the service you want to
> > use, policies on which server is appropriate to contact may vary.
> >
> > Simo.
> >
> >   
> I would say they are two independent things: which server to connect and 
> which policies to get.

I think you misunderstood my comment, I will try to rephrase.

Depending on what kind of service (not server) you want to connect to
(ldap, nfs, http, ssh, ftp, mysql, voip, imap, smtp, ....) the admins
may decide that different servers are the ones you should connect to,
depending on which location your machine is located.

If you are in Europe and there are servers in Madrid, Berlin, London
that offer nfs and imap, admins may have a policy (not in the sense of
IPA policies, I mean company policy) for which nfs is always going to be
served from the server in Madrid, while imap can be served either from
London or Berlin, whichever is closest to you.

So for this decision to happen, location is just a precondition, further
configuration directives are needed to determine what should be the
client preferences. (For some services this will be done through DNS
discovery, while in some cases an IPA policy might override DNS
mechanisms).

(I am willfully completely ignoring the fact that currently most Linux
apps cannot dynamically change their configuration this way, but IPA
components should move toward this goal).

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York