[Freeipa-devel] user interfaces & default values = problem
Petr Spacek
pspacek at redhat.com
Mon Feb 11 11:57:16 UTC 2013
Hello list,
I realized one general problem we have with user interfaces for IPA & default
values for various configuration options.
Let me use DNS dynamic update as an example:
- We have "built-in" default configuration (disabled)
- We have "global" configuration object (ipaDnsConfig)
- We have "per-object" configuration (in each DNS zone)
IMHO user interface would be more usable if user can *see* which value is
effective for particular service (and more generally any other object).
At the moment, command "ipa dnszone-show example.com" will not show "dynamic
update" value if it is not configured in the zone itself.
E.g.
[root at ipa1 ~]# ipa dnszone-show example.com
Zone name: example.com
Authoritative nameserver: ipa1.example.com.
Administrator e-mail address: hostmaster.example.com.
SOA serial: 1360583295
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
Active zone: TRUE
Allow query: any;
Allow transfer: none;
# No "Dynamic update" value is shown above ...
$ ipa dnsconfig-show
[root at ipa1 ~]# ipa dnsconfig-show
---------------------------------
Global DNS configuration is empty
---------------------------------
What is the built-in default? It is in bind-dyndb-ldap documentation ...
It is hard to debug things when you can't *see* effective value. IMHO it would
be good to add lines like:
Dynamic update: FALSE (inherited built-in default)
and
Dynamic update: FALSE (inherited global configuration)
+ some graphical representation of same thing to WebUI.
Exactly same problem applies to PAC type for each service etc, so some general
solution would be nice.
Microsoft has something called "Resultant Set of Policy" for this purpose.
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list