On Fri, 27 Sep 2024, Marco Naimoli via FreeIPA-users wrote:
> Hello, I've set up FreeIPA for domain and realm mydomain.com. I would like to manage, with the same instance, subdomains like staff.mydomain.com and guests.mydomain.com
That's possible.
> and people should authenticate using accounts like: [email protected] [email protected]
That's not possible.
> I see I can add realms, under "IPA server" -> "Realm domain", and I've added the new realms staff.mydomain.com and guests.mydomain.com, but when I create a new user user, it is created under mydomain.com and I cannot change it.
"Realm domains" are not used for the purpose you want. It is a misunderstanding from your side. Realm domains are a way to communicate to a trusted Active Directory forest that the IPA deployment controls the corresponding DNS domains in terms of Active Directory forest topology.
> So is it possible to create and manage multiple domains under a single FreeIPA instance? If not, is there a way to manage multiple domains (e.g. using a FreeIPA instance for every realm and creating a trust among them) so that clients can be configured to permit user login from all of the subdomains?
Using multiple DNS domains for enrolled hosts as a part of the same realm is possible. But the realm still will be the same and all users/groups will be in the same single namespace. Having multiple identity domains as a part of the same deployment is currently not possible. Ability to have multiple identity domains trusting each other is currently under development.
> I have found a multi tenancy documentation, but it's not very clear
FreeIPA does not support multitenancy and will not support multitenancy. The document you refer to is an old investigation of what multitenancy might require. It is *not* a description of what is implemented or even considered to be implemented. In fact, all pages under /V<something> namespace on FreeIPA wiki are just that -- design documents that may or may not be implemented. This was more clear when we used MediaWiki for freeipa.org.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
