[Freeipa-devel] [PATCH] 25 Create Tool for Enabling Disabling Managed Entry
Simo Sorce
ssorce at redhat.com
Mon Apr 25 17:32:34 UTC 2011
On Mon, 2011-04-25 at 12:12 -0400, Dmitri Pal wrote:
> This is a problem with the place where we store the configuration
> since
> it is not replicated. But I am concerned about moving it to some other
> place.
> Any ideas of what would be a "proper" solution to make the change
> affect
> all replicas?
In order to avoid changing all plugins I am thinking we might create a
cn=plugin subtree under the shared cn=etc tree.
And have a new IPA plugin monitor it.
This plugin will act on any change done to this tree and copy any change
to the non-shared cn=config tree in order to reconfigure plugins.
This still leaves open the fact that someone may change directly what's
in cn=config instead of modifying the shared subtree.
Not sure how to cope with that best. One way could be to immediately
reset back the values to what's in the shared tree, but this means
intercepting also changes to cn=config.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list