[Freeipa-devel] More types of replica in FreeIPA
Ondrej Hamada
ohamada at redhat.com
Wed Feb 29 15:19:24 UTC 2012
Hi everyone,
I'm currently working on my thesis. It's objective is $SUBJ and we
already have ticket for that: #194
<https://fedorahosted.org/freeipa/ticket/194>. The task is to create two
more replica types - the HUB and Consumer. In 389-DS both the HUB and
Consumer are read-only. Additionally the HUB can push the data to the
Consumers.
In case of FreeIPA the server is not only providing data, but also
services like CA, NTP, DNS, Kerberos. Therefore I'm kindly asking you
for advices and opinions on that:
1. What should be the position of HUB?
I mean should it be used as an interconnection between Masters and
Consumers only, so that it will be 'hidden' in the topology and only
forwards the updates, or should the HUB be also used as a regular
Consumer which has additional ability to push the updates further to
Consumers/HUBS?
2. Which services should be available on HUB and Consumer?
I think, the priority of these replicas would be to answer to data
request by ipa whatever-(find|show) commands or to provide some LDAP
data for email addressing etc. Also it shouldn't cause much trouble to
run NTP on Consumer, but what about Kerberos or CA? Is it a good
solution to let users authenticate against these replicas? Is it correct
to leave classified data like passwords on these replicas?
Thanks in advance for your reactions
Ondra
--
Regards,
Ondrej Hamada
FreeIPA team
jabber:ohama at jabbim.cz
IRC: ohamada
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120229/8c1e11ed/attachment.htm>
More information about the Freeipa-devel
mailing list