Hi all,

Thanks for the quick respone. Too bad, but that's the way it is. I'll
come back to this question in a few years....


-----Oorspronkelijke bericht-----

Datum: Thu, 6 Jul 2017 12:47:29 +0300
Onderwerp: [Freeipa-users] Re: FreeIPA Multitenancy
Cc: Winfried de Heiden <w...@dds.nl>, Alexander Bokovoy <abokovoy@redhat
Aan: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Reply-to: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Van: Alexander Bokovoy via FreeIPA-users <freeipa-users@lists.fedorahos
Hi Winfried,

On to, 06 heinä 2017, Winfried de Heiden via FreeIPA-users wrote:
> Hi all,
> There's a nice litle article on http://www.freeipa.org/page/V3/Multit
> en
> ancy:
> Multi-tenancy  is an aspect of Identity Management (IdM) where
> multiple 
> parties use the same resource without learn any information about
> each 
> other.   The example is two rival companies who both operate servers 
> hosted in a public cloud.  Neither company should be aware of the 
> existance of the other users presence in the web  using, and they 
> definitely should not be able to enumerate either the users or the
> hosts
>  of the other company  due to information leaks inside the cloud 
> services.
> The article is rather old and Multitenancy seems not possible in
> FreeIPA 4.x. 
> Is there any progress on this, future plans? Multitenancy for IPA
> should be a very nice feature!

While it may sound as a nice feature, it is very hard to implement, as
that article tells you that it would go against current FreeIPA LDAP
DIT design and assumptions in the code.

We are not planning to work on that feature in short to mid-term time.
In fact, we are planning to reduce amount of new features being added
for next few major releases, to concentrate on making FreeIPA bullet-

 - better handling of error conditions
 - better support for various installation needs with Ansible
 - better diagnosing tools
 - etc

we have enough features already for most common use cases that
concentrating on day to day operations' predictability becomes
before we move forward.

This does not mean we would stop with new features. Rather, we want to
make a solid platform to deliver features as add-ons at some point in

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to