Can FreeIPA accommodate a multi-tenant environment?  I.e., I work for
a managed service provider that currently uses LDAP for authentication
for both our users and our customers' users.  But Customer A cannot
see Customer B's data due to access control on our directory.  Each
customer has at least one LDAP service account in their container in
the tree that can only view that customer's container and my company
container.

Would we have to do something like create realms for each customer?
Then configure trusts from customer realm to ours?

EXAMPLE.COM - our realm
CUSTOMERA.EXAMPLE.COM - customer a realm
... so on

What about data within the directory?  Currently our DIT is like:

o=MyCompany,dc=example,dc=com
o=CustomerA,dc=example,dc=com

Would separating by realms automatically divide that up?  Would
Customer A be able to see any Customer B users using multiple
realms alone, or would we have to take additional precautions?

Regards,
-Alan

============================
Posted on behalf of Alan

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
