[Freeipa-devel] [PATCH] configure bind+ldap driver
Simo Sorce
ssorce at redhat.com
Mon Jun 29 20:42:14 UTC 2009
On Mon, 2009-06-29 at 14:20 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > This creates also role/task groups to authorize the ldap driver to
> > perform DNS updates using its service principal.
> > Does not support yet installing replicas.
> >
> > Simo.
> >
>
> What is the rationale for creating the delegation entries via ldif
> rather than an update? I seem to recall a chicken-and-egg problem.
>
> Can we create just the structural portions via the ldif and leave the
> taskgroups and rolegroups as updates?
It was the first thing I tried but didn't work.
We need the groups to exist before the various *instance(0 classes are
run so that group memberships can be added.
In the case of bind I need to put the service in the right
role/taskgroup, and I was thinking of doing something similar for other
cases.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list