[Freeipa-devel] where should the BindDNGroup be located
Rob Crittenden
rcritten at redhat.com
Mon Nov 24 18:14:06 UTC 2014
Ludwig Krispenz wrote:
> in DS we implemented the feature that in a replica objetct it is
> possible to define a group of bind dns, instead or in addition to the
> use of nsds5ReplicaBindDn. This allows to maintain a group of ldap
> principals ad add new replication agreements without having to modify
> the replication object.
> I want to use it in the topology plugin an it will probably be used in
> the 4.2 replioca deployment.
>
> So to start with, if I create this group where should it be located in
> the shared tree: below "cn=ipa,cn=etc,$SUFFIX" ? inside cn=masters or
> cn=replicas or in a new container (the replication topology info is in
> cn=topology, cn=ipa,cn=etc,... ) or in cn=groups,cn=accounts,... ?
Can you just use a hostgroup for this?
We'd probably want a bit more access control around that particular
group though.
rob
More information about the Freeipa-devel
mailing list