Can FreeIPA accommodate a multi-tenant environment?  i.e. I work for
a managed service provider that currently uses LDAP for authentication
for both our users and our customer's users.  But Customer A cannot
see Customer B's data due to access control on our directory.  Each
customer has at least one LDAP service account in their container in
the tree that can only view that customer's container and my company

Would we have to do something like create realms for each customer?
Then configure trusts from customer realm to ours?

EXAMPLE.COM - our realm
CUSTOMERA.EXAMPLE.COM - customer a realm
... so on

What about data within the directory?  Currently our DIT is like:


Would separating by realms automatically divide that up?  What about
would Customer A be able to see any Customer B users using multiple
realms alone or would we have to take additional precautions?


Posted on behalf of Alan

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Freeipa-users mailing list
