Hello Alexander,
thank you very much for the quick response

Marco

On Fri 27 Sep 2024 at 13:33, Alexander Bokovoy <[email protected]> wrote:

> On Fri, 27 Sep 2024, Marco Naimoli via FreeIPA-users wrote:
> >Hello, I've set up freeipa for domain and realm
> >mydomain.com
> >I would like to manage, with the same instance, subdomains like
> >staff.mydomain.com
> >guests.mydomain.com
>
> That's possible.
>
> >and people should authenticate using accounts like:
> >[email protected]
> >[email protected]
>
> That's not possible.
>
> >
> >I see I can add realms, under "IPA server" -> "Realm domain" and I've
> >added the new realms staff.mydomain.com and guests.mydomain.com, but
> >when I create a new user user, it is created under mydomain.com and I
> >cannot change it
>
> "Realm domains" are not used for the purpose you want. It is a
> misunderstanding from your side. Realm domains are a way to communicate
> to trusted Active Directory forest that IPA deployment controls
> corresponding DNS domains in terms of Active Directory forest topology.
>
> >
> >So is it possible to create and manage multiple domains under a single
> >freeipa instance ? If not, is there a way to manage multiple domains
> >(e.g. using a freeipa instance for every realm and create a trust among
> >them) so that clients can be configured to permit user login from all
> >of the subdomains ?
>
> Using multiple DNS domains for enrolled hosts as a part of the same
> realm is possible. But the realm still will be the same and all
> users/groups will be in the same single namespace. Having multiple
> identity domains as a part of the same deployment is currently not
> possible.
>
> Ability to have multiple identity domains trusting each other is
> currently under development.
>
> >
> >I have found a multi tenancy documentation, but it's not very clear
>
> FreeIPA does not support multitenancy and will not support multitenancy.
> The document you refer to is an old investigation of what multitenancy
> might require. It is *not* a description of what is implemented or even
> considered to be implemented. In fact, all pages under /V<something>
> namespace on FreeIPA wiki are just that -- design documents that may or
> may not be implemented.
>
> This was more clear when we used MediaWiki for freeipa.org.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
