On 07/22/2009 11:11 AM, Mathias Gug wrote:
Hi,

Sorry for not following up earlier on this, but this topic has
recently been brought up on the Ubuntu freeipa team mailing list [1].

[1]: https://lists.launchpad.net/freeipa/msg00009.html

Here are my comments mainly related to supporting openldap instead of
389DS in FreeIPA:

On Tue, Jun 30, 2009 at 9:30 AM, Simo Sorce<sso...@redhat.com>  wrote:
On Mon, 2009-06-29 at 19:20 -0400, Mathias Gug wrote:
  * replace 389 Directory Server with openldap.

  The main reason being that the 389 Directory server is not available in
  the Ubuntu archive yet (there is a work in progress to get it included
  in Debian/Ubuntu) while openldap is already in the archive and the
  currently recommended directory solution in Ubuntu.

  My question is how tight are FreeIPA and 389 Directory Server coupled?
Very, we use many features of 389DS and a good amount of plugins not
available for openldap. It would require a quite substantial amount of
work and testing just to port the slapi plugins.


<snip>
  * ipa-memberof: IPA memberof plugin

There is a similar overlay in openldap:

       The memberof overlay to slapd(8) allows automatic reverse group
       membership maintenance.  Any time a group entry is modified, its
       members are modified as appropriate in order to keep a DN-valued
       "is member of" attribute updated with the DN of the group.

My understanding is that the memberOf overlay does not deal with nested membership. It is strictly a 1:1 relationship (forward pointer, reverse pointer). The 389 memberOf plug-in maintains reverse pointers for inherited membership, which IPA
takes advantage of.

Take this with a grain of salt as I haven't confirmed this by looking at the
overlay code personally.

<snip>
--
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
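
The difference discussed in the thread above between direct reverse pointers and reverse pointers for inherited membership, as an added example that is not part of the original messages and is not OpenLDAP or 389 DS code. It is a Python model over a constructed directory; all DNs and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample directory: group DN -> member DNs (groups may nest).
GROUPS = {
    "cn=admins,dc=example,dc=com": ["cn=ops,dc=example,dc=com"],
    "cn=ops,dc=example,dc=com": ["uid=alice,dc=example,dc=com",
                                 "cn=oncall,dc=example,dc=com"],
    # oncall lists ops as a member too, which creates a membership cycle.
    "cn=oncall,dc=example,dc=com": ["uid=bob,dc=example,dc=com",
                                    "cn=ops,dc=example,dc=com"],
}


def direct_memberof(groups):
    """1:1 reverse pointers: entry -> groups that list it directly."""
    reverse = defaultdict(set)
    for group, members in groups.items():
        for member in members:
            reverse[member].add(group)
    return dict(reverse)


def inherited_memberof(groups):
    """Reverse pointers that also include groups reached through nesting."""
    direct = direct_memberof(groups)
    result = {}
    for entry, parents in direct.items():
        seen, stack = set(), list(parents)
        while stack:
            group = stack.pop()
            if group in seen:      # already visited: stops cycles looping
                continue
            seen.add(group)
            stack.extend(direct.get(group, ()))
        seen.discard(entry)        # a cycle must not make an entry its own group
        result[entry] = seen
    return result


if __name__ == "__main__":
    for name, table in (("direct", direct_memberof(GROUPS)),
                        ("inherited", inherited_memberof(GROUPS))):
        for entry in sorted(table):
            print(name, entry, sorted(table[entry]))
```

An access rule that tests memberOf against `cn=admins` matches alice and bob only under the inherited model, which is why the two behaviours are not interchangeable for group-based authorization.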
