Good morning. (It’s morning where I am.)

I’ve written several plugins for my deployment, including a DHCP plugin, and
I’m trying to figure out the best way to deploy them onto production servers.

Let’s start with the schema. I could copy a schema file (e.g., 89dhcp.ldif and
others) into /etc/dirsrv/slapd-REALM/schema and do a schema reload, or I could
use ldapmodify to write the schema directly into the running system so it gets
written into /etc/dirsrv/slapd-REALM/schema/99user.ldif.

Is there any reason to prefer one over the other? Doing it the first way seems
more tidy to me, but it has to be done on each server separately, which makes
me wonder if it might cause things to get weird with respect to replication
during that short span of time when one server has the schema and the other
doesn’t. The Red Hat Directory Server documentation stops short of saying that
local schemata should always be installed with ldapmodify into 99user.ldif, but
it seems to kind of head-fake in that direction, so I’m not sure what the right
method is.

Then there are the update files. For the DHCP plugin, for instance, I have a
short update file that initializes a few objects (see below). Is it better to
just RUN this update against a live server with ipa-ldap-updater, or is it
better to INSTALL this file in /usr/share/ipa/updates so it stays on the server
permanently? Will the second approach be better in case of upgrades or whatever?

Thanks very much for taking the time. I hope my questions made sense.

Jeffery

DHCP update file for reference, if necessary:

dn: cn=dhcp,$SUFFIX
add: objectClass: top
add: objectClass: dhcpService
add: dhcpStatements: authoritative
add: dhcpStatements: default-lease-time 43200
add: dhcpStatements: max-lease-time 86400
add: dhcpStatements: one-lease-per-client on

dn: cn=dhcpHosts,cn=Schema Compatibility,cn=plugins,cn=config
add: objectClass: top
add: objectClass: extensibleObject
add: schema-compat-container-group: cn=hosts,cn=dhcp,$SUFFIX
add: schema-compat-search-base: cn=computers,cn=accounts,$SUFFIX
add: schema-compat-search-filter: (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
add: schema-compat-entry-rdn: cn=%{fqdn}
add: schema-compat-entry-attribute: objectClass=dhcpHost
add: schema-compat-entry-attribute: dhcpHWAddress=ethernet %{macAddress}
add: schema-compat-entry-attribute: dhcpStatements=fixed-address %{fqdn}
add: schema-compat-entry-attribute: dhcpOption=host-name "%{fqdn}"

dn: cn=DHCP Administrators,cn=privileges,cn=pbac,$SUFFIX
add: objectClass: top
add: objectClass: groupofnames
add: objectClass: nestedgroup
only: description: DHCP Administrators
plugin: update_managed_permissions