On Wed, 16 Dec 2020, Karim Bourenane via FreeIPA-users wrote:
Hello François, team

Thanks for the feedback.
What I want is to deploy replica IPA servers in each zone, so that
this replication is not complete.

The goal is to manage exclusively and independently of each zone, the users
auth. / dns / certificates, in short the local authentications to this zone.

I found, on the freeipa.org site, the command:
ipa toplogysuffix-add

But this command does not exist on my version of IPA server 4.6.5.
Is this a plugin that I need to install? Can you orient me?

No. As Francois said, there is no support for multiple distinct suffixes
in FreeIPA for the purpose of selective replication. This is against
FreeIPA design principles.

Topology suffix management is for a different task of organizing
existing replicas into a mesh with specific connections between
replicas. There are two suffixes in IPA: primary one for everything and
CA suffix for certificate management.

In short, you are not going to be able to achieve that with a single
FreeIPA deployment and there are no plans to provide this functionality
in FreeIPA for a single deployment.


Would this command be used to create another suffix on my master IPA server?

Thank you for your feedback.

Regards
Yours sincerely
Mr Karim Bourenane


On Wed, 16 Dec 2020 at 08:39, François Cami <[email protected]> wrote:

Hi,

No, this is not possible.
What you seem to want to achieve will be best served when the FreeIPA to
FreeIPA domain trust is available.
This is not the case today.

François

On Tue, Dec 15, 2020 at 6:07 PM Karim Bourenane via FreeIPA-users <
[email protected]> wrote:

Hello Team

I have a special question, about a partial replication branch domain LDAP
into a FreeIPA v. 4.6.2 on CentOS 7.7.1908.

I want to deploy several FreeIPA into several network zones.

Is it possible to only replicate a branch of data, to manage only an IPA
client / DNS / certificate for this zone?

I want to segment data replication for security reasons.

Perhaps I took my project in a bad way?


Regards / Yours sincerely
Mr Karim Bourenane

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to
[email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]






--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland