[Freeipa-devel] [PATCH] 25 Create Tool for Enabling Disabling Managed Entry

Dmitri Pal dpal at redhat.com
Mon Apr 25 16:12:26 UTC 2011


On 04/25/2011 12:00 PM, Simo Sorce wrote:
> On Mon, 2011-04-25 at 14:59 +0000, JR Aquino wrote:
>> On Apr 25, 2011, at 6:43 AM, Simo Sorce wrote:
>>
>>> On Thu, 2011-04-21 at 23:28 +0000, JR Aquino wrote:
>>>> Hmmm
>>>> Both Private Groups and the Hostgroup -> Netgroup Managed Entries
>>>> create objects in the container:
>>>> cn=Managed Entries,cn=plugins,cn=config
>>>>
>>>> Each LDIF contains 2 LDAP objects. One that lives in the main $SUFFIX,
>>>> and one in the cn=config
>>>>
>>>> How will these be treated by replication and the multi masters?
>>> Only the common objects in the public suffix are replicated.
>>> I think at some point we discussed that we should use a filter in the
>>> private config entry made so that we could enable/disable the plugin by
>>> simply making the filter result true/false.
>>> Thus not ever touch the entries in cn=config but simply
>>> "enable"/"disable" the functionality by (not)adding the appropriate
>>> attributes to objects so that filters would (not) match.
>>>
>>> Simo.
>> This tool works by toggling the originfilter: objectclass=disabled in order to turn off the plugin.
> But this is backwards, because originfilter is defined in the
> configuration entry stored in cn=config
>
> Meaning as soon as you change it one server will behave differently from
> the others until you go and change it on each and every server.
>
> Simo.
>
This is a problem with the place where we store the configuration since
it is not replicated. But I am concerned about moving it to some other
place.
Any ideas of what would be a "proper" solution to make the change affect
all replicas?


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
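
The per-server divergence discussed in this thread, as an added example that is not part of the original messages or of the FreeIPA code: a check that compares originfilter under cn=Managed Entries,cn=plugins,cn=config across LDIF exports taken from each replica. The host names, the definition entry name and the LDIF text are constructed, and "enabled" here means any filter other than objectclass=disabled.

```python
# Added example: detect per-replica drift in the Managed Entries originfilter.
# Server names and LDIF text are constructed sample data, not from the thread.
CONTAINER = "cn=managed entries,cn=plugins,cn=config"
DISABLED = "objectclass=disabled"  # filter value the tool in the thread toggles

def parse_ldif(text):
    """Parse simple LDIF (no base64 '::' values) into a list of {attr: [values]}."""
    entries, current, lines = [], {}, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold an LDIF continuation line
        else:
            lines.append(raw)
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def origin_filters(ldif_text):
    """Map definition DN -> normalized originfilter for entries under CONTAINER."""
    result = {}
    for e in parse_ldif(ldif_text):
        dn = e.get("dn", [""])[0].lower().replace(", ", ",")
        if dn.endswith("," + CONTAINER) and "originfilter" in e:
            result[dn] = e["originfilter"][0].strip("()").replace(" ", "").lower()
    return result

def find_drift(replicas):
    """replicas: {server: ldif_text}. Return {dn: {server: state}} where states differ."""
    states = {}
    for server, text in replicas.items():
        for dn, flt in origin_filters(text).items():
            states.setdefault(dn, {})[server] = "disabled" if flt == DISABLED else "enabled"
    drift = {}
    for dn, per_server in states.items():
        for server in replicas:           # a replica lacking the entry also counts as drift
            per_server.setdefault(server, "missing")
        if len(set(per_server.values())) > 1:
            drift[dn] = per_server
    return drift

SAMPLE = {  # constructed: the filter was toggled on one server only
    "ipa1.example.test": "dn: cn=example definition,cn=Managed Entries,cn=plugins,cn=config\noriginfilter: objectclass=disabled\n",
    "ipa2.example.test": "dn: cn=example definition,cn=Managed Entries,cn=plugins,cn=config\noriginfilter: objectclass=posixAccount\n",
}
```

An empty result from `find_drift` means every replica agrees on each definition's state.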