Udo,

On Fri, 11 May 2018, Udo Rader via FreeIPA-users wrote:

> [...] Our current setup looks like this:
>
> OpenLDAP used as storage for user, DHCP and DNS information:
>
> #1 users are either regular Unix (Linux, FreeBSD) shell users
> #2 or they are users accessing our mail services (dovecot/postfix)
> #3 (a low number of) certificates are currently handled by TinyCA
>
> #4 DHCP is handled by multiple, distributed ISC DHCP servers, configured to pull their configuration from OpenLDAP (network definitions, routers, NTP servers, MAC addresses etc.)
>
> #5 DNS is handled by multiple, distributed PowerDNS instances, which again retrieve their DNS data from OpenLDAP
>
> As far as I can understand, FreeIPA can easily handle #1, #2 and #3.
>
> But what about DHCP and DNS? I understand that FreeIPA's backbone is the 389 DS. I guess migrating our DHCP DIT into 389 is doable, but what about administration of those entries? Can this be done by FreeIPA?
>
> Regarding DHCP, all I found were some older documents describing intentions to implement it [1], but I'm uncertain if that ever happened.
>
> Regarding DNS, I am aware that FreeIPA comes with bind, but if possible, I'd really like to stay with PowerDNS. Is that possible? And if not, how tightly integrated is bind into FreeIPA? One mandatory requirement is that we need to have multiple, geographically distributed nameservers that hold various amounts of DNS data (currently determined by LDAP filters). I of course understand that bind is perfectly capable of doing this, but depending on the level of integration between FreeIPA and bind, I'm not exactly sure how "easy" this can be done.

Our IPA installation is completely separated from both our DHCP and DNS servers, which are maintained using Netdot [1]. All I needed to do was to add a certain set of DNS entries to our DNS zone files. Those entries can be displayed with

---
ipa dns-update-system-records --dry-run
---

[1] https://github.com/cvicente/Netdot


Mit freundlichen Gruessen/With best regards,

--Daniel.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
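
Added example (not part of the message above and not FreeIPA code): when DNS is maintained outside IPA, the records IPA expects can be compared against the external zone to see which ones are still missing or stale. The sample texts are constructed, and the zone-file style layout of the --dry-run output (name, TTL, IN, type, data) is an assumption.

```python
"""Report IPA system records that an externally managed zone does not hold."""

# Constructed sample; assumed shape of `ipa dns-update-system-records --dry-run`.
WANTED = """\
IPA DNS records:
  _kerberos-master._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
  _kerberos._tcp.example.test. 86400 IN SRV 0 100 88 ipa1.example.test.
  _kerberos.example.test. 86400 IN TXT "EXAMPLE.TEST"
  _ldap._tcp.example.test. 86400 IN SRV 0 100 389 ipa1.example.test.
  ipa-ca.example.test. 86400 IN A 192.0.2.10
"""

# Constructed sample of what the external DNS zone currently contains.
ZONE = """\
; exported from the external DNS management tool
_kerberos._tcp.example.test. 3600 IN SRV 0 100 88 ipa1.example.test.
_ldap._tcp.example.test. 3600 IN SRV 0 100 389 IPA1.example.test.
ipa-ca.example.test. 3600 IN A 192.0.2.99
"""


def parse_records(text):
    """Return a set of (name, type, data) tuples; TTL is ignored on purpose."""
    records = set()
    for line in text.splitlines():
        fields = line.split(None, 4)
        # Skip headings, comments and anything not shaped like a record line.
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        rtype = rtype.upper()
        rdata = " ".join(rdata.split())
        if rtype != "TXT":
            # Host names are case-insensitive; TXT data (the realm) is not.
            rdata = rdata.lower().rstrip(".")
        records.add((name.lower().rstrip("."), rtype, rdata))
    return records


def missing_records(wanted_text, zone_text):
    """Records IPA expects that the zone lacks or holds with different data."""
    return sorted(parse_records(wanted_text) - parse_records(zone_text))


if __name__ == "__main__":
    for name, rtype, rdata in missing_records(WANTED, ZONE):
        print(f"missing or different: {name}. IN {rtype} {rdata}")
```

A record whose data differs, such as the ipa-ca address in the sample, is reported the same way as an absent one, because clients would not reach the IPA servers through it.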
