> > Brian, > for non user/group/host objects you fully own and control you can use > whatever directory structure you want as long as you do not put them > under the cn=accounts subtree and keep them generally away from any IPA > controlled subtree. > > ah - well if that's the case, then I asked my initial question very poorly, as that's ultimately what I was trying to find out. If I can do things outside of that area then I it will do what I need; I was just concerned that the "completely flat DIT" might object to a tree next to it in the same 389-DS. Having kerberized systems would improve more workflow issues around here than I can even comprehend, and there are other features of the IPA I am very interested in as well that will help solve other issues...once I get around to having enough time to get to those tasks.
Apologies, as mentioned I'm quite ldap-rusty. Brian LaMere
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users