[python-ldap] syncrepl and FreeIPA
Petr Spacek
pspacek at redhat.com
Fri Sep 26 12:17:17 CEST 2014
On 25.9.2014 18:37, Michael Ströder wrote:
> Petr Spacek wrote:
>> The patch or some other alternative for end-of-refresh-phase-detection is
>> required for further development in the FreeIPA project...
>
> I'm curious:
> What's the use-case for syncrepl in FreeIPA?
In this particular case it is used for LDAP<->OpenDNSSEC integration:
LDAP is an authoritative source of DNS data but OpenDNSSEC has own (local) SQL
database.
We have a little daemon which uses syncrepl to get list of all DNS zones with
required attributes (dnssec = enabled and so on). This daemon reconfigures
OpenDNSSEC at run-time accordingly.
For this use-case we need to reconstruct complete list of zones first in LDAP
(i.e. detect end of refresh phase) and do modifications in OpenDNSSEC
configuration only if the zone was removed or added.
Obviously, this can be solved by polling if latency or higher server load are
not a problem. IPA wants to stay effective & low-latency at the same time.
I will send reply to the alternative approaches to respective threads.
--
Petr Spacek @ Red Hat
More information about the python-ldap
mailing list