On 04/04/2011 04:12 AM, Jan-Frode Myklebust wrote:
> On Fri, Mar 25, 2011 at 05:14:02PM -0400, Rob Crittenden wrote:
>> Shouldn't be too bad. Here is our beta documentation on migration:
>>
>> http://obriend.fedorapeople.org/freeIPA2.0/Identity_and_Policy_Management_Guide/html-single/#chap-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA
> Ok, good, that looks like it should cover the bulk of our migration.
>
> The other problems I'm looking at are probably more of design issues.
> Is there a deployment guide somewhere as well?

No, not yet. This manual is what we have. But we will be very interested in hearing your opinion on what topics, other than those we already have in the manual, we should cover.

> Currently we use netgroups for servers and users, mainly to manage who
> can log in to which server through pam_access/access.conf plus for sudo
> rules. Should we continue using netgroups, or will the "user groups" and
> "host groups" in IPA cover this?

We recommend using groups and host groups. Both support nesting. For migration purposes, a netgroup with the same name is created by default for any host group you create. This netgroup is just a pointer to the host group, sort of a shell. This would allow you to use host groups in the admin model while the clients can continue to leverage netgroups until they get smart enough to use host groups directly. At that moment you would be able to turn off the automatic creation of the netgroups. But this will be quite a distant future.

> Do the user groups allow nesting of
> posix groups? I.e. user1 is member of group1 which automatically makes him
> member of group2 and group3?

Yes, the groups are nested and you can mix posix and nonposix groups.

> Some guides for configuring roles/privileges would be very interesting.
> We want to have "group admins" who are allowed to add/remove members of
> the groups this admin admins... Also we might want to allow team leaders
> to add new users..

We do not have enough "solutions" worked out yet. Any contributions about your experience with IPA will be valuable.

> Oh.. and is there any training available/planned for IPA (v2)?

We will be giving a presentation at the Summit. The training schedule is not yet worked out.

>
> -jf
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipafirstname.lastname@example.org
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.