On 09/08/2017 12:10 PM, Simo Sorce wrote:
Unfortunately, yes in the case of the boxes we supply to our customers.
Disclaimer: This was decided on LONG before I arrived and never really
worked well anyway, hence the need to do it right this time.
On Fri, 2017-09-08 at 10:06 -0400, Mark Haney via FreeIPA-users wrote:
Probably the dumbest question you'll get all day, but we've got a
hundred or so VMs with OpenLDAP on them (as clients pointing to a
master). Are there any gotchas to replacing OpenLDAP with FreeIPA?
Do you mean that you are replicating your whole ldap directory on each
using Ansible to push the client install to the VMs, with a task for
uninstalling OpenLDAP prior to IPA setup.
Does this plan sound cunning enough? Or am I missing something?
ENOINFO to comment on whether this is genius or madness :-)
Maybe I should clarify. We're moving away from a full OpenLDAP server
running on customer servers (which is really small, mainly the 5 or 6
Operations accounts that need logins) and replacing it with FreeIPA
client setups. The Ansible playbook would be (more or less) 3 tasks:
Uninstall openldap-servers package (these are all CentOS 6 boxes)
Run the unattended setup with all settings passed as variables.
I can't see any issues with this method, but I like having other eyes go
over it when it's something I've never had to do before.
Network Engineer at NeoNova
919-460-3330 option 1
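
The plan described in the message above, sketched as an Ansible playbook (an added example, not the poster's playbook or FreeIPA project code). The thread names only two of the three tasks, so the package-install step, the `customer_vms` group, the `example.com` names and the vaulted one-time password variable are assumptions.

```yaml
---
# Added example. Constructed values: the group name "customer_vms",
# ipa.example.com / example.com, and the vault_ipa_otp variable.
- hosts: customer_vms
  become: true
  vars:
    ipa_domain: example.com
    ipa_server: ipa.example.com
    # Per-host one-time enrollment password (for instance from
    # `ipa host-add --random` on the server), stored in Ansible Vault so
    # no admin credential sits in the playbook or on the client.
    ipa_otp: "{{ vault_ipa_otp }}"
  tasks:
    - name: Remove the local OpenLDAP server
      yum:
        name: openldap-servers
        state: absent

    # Assumed step: the thread does not name the third task.
    - name: Install the FreeIPA client package (CentOS 6 package name)
      yum:
        name: ipa-client
        state: present

    - name: Enroll the host with the unattended client setup
      command: >
        ipa-client-install --unattended
        --domain={{ ipa_domain }}
        --server={{ ipa_server }}
        --password={{ ipa_otp }}
        --mkhomedir
      args:
        # Skip on re-runs once the host is already enrolled.
        creates: /etc/ipa/default.conf
      # Keep the enrollment password out of Ansible output and logs.
      no_log: true
```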