On Fri, 2009-10-30 at 16:21 -0400, Dmitri Pal wrote:
> Simo Sorce wrote:
> > On Fri, 2009-10-30 at 15:56 -0400, Dmitri Pal wrote:
> >
> > > But then you have to update it on all replicas and will definitely
> > > forget to do it.
> > > Is it really a hassle to have it in the DS?
> > >
> >
> > Yes it means you have to build a UI to manage that attribute, create it,
> > find a place where to store it in the tree etc.. and adds cruft to the
> > tree.
> >
>
> There are a lot of other things that we put in the cn=config replicate
> but do not provide UI.
> Admin will just run ldapmodify command for this attribute and this is it.

It's really not easy at all to put formatted text in an attribute in an
ldif file, I wouldn't recommend something like that.

> > A file is a simple drop in and admins can easily change it at any time.
> >
> > True, if they forget to replicate it on other servers it will get out of
> > sync, but it is also easy to fix that if it happens. We can put a
> > comment in the template that reminds admins to always replicate it to
> > all servers.
> >
> Why it should be limited to a server. This IMO will be an artificial
> limitation.

It's not a limitation, you can set up multiple servers if you want, but
most likely you will send out just one URL organization wide.
Remember it's a one-time thing.

> Any server can perform migration and replicate the created kerberos keys
> so why limit?

Limit? Copying one file over hardly looks like a limit.
What I think is that admins will "limit themselves", it makes no sense for
them to send out URLs to multiple servers etc for something like a
one-off.

> > However do you think admins will set it up on all servers ?
> Yes. I do not see "set". Functionality is just there available from any
> server.
> They do not need to do anything to set it up.

Surely we will need to configure this stuff only if there is a
migration, do we want to expose this stuff if there is no migration to
perform at all ?
At the very least I would expect a global switch to turn this on and
off ...

Simo.

--
Simo Sorce * Red Hat, Inc * New York