Hi,


Just how many Linux desktops and servers do you have? Sure, with say 5 or so
Linux and if you don't care about security it's easy to AD, i.e. access no
authorisation... however I can't see any method to manage large quantities of
Linux via AD without expensive add-on tools.



I have 200+ servers and 250 Linux desktops and growing... can't manage those
with local access with 1.5 admins... you also can't manage them with AD unless
you buy Centrify/Likewise or Quest software or similar, and that's very expensive
and a pain in the ass.



Unless I've missed something?



Now looking at IPA, its management interface is simple, usable, yet very
powerful... AD for Linux and it's brain-dead simple, and I have what's known as
"useradmins"; they add users, they are not IT capable...



So it takes us in excess of a day to add an admin to the servers, 5 mins in
IPA... the time saving is substantial. We have disparate groups so a single
lookup for an AD group isn't going to do it.



"Just wondering why would anyone want to sync freeIPA and AD"



As per usual ppl can't think of real-life situations where such things are
necessary; well, it's known as life, it's sometimes complex and messy. I work in a
predominantly Windows environment. So I have Windows architects, Windows
security ppl, Windows-derived managers, Windows-derived directors and (mostly)
Windows admins. They simply don't understand Linux/Unix, don't care, and would
like it removed to make their life "simple" and cheaper. Also I manage 30% of
our environment and the most mission critical on Linux and it rarely falls
over. The clients love it, and I do it with 1.5 Linux staff v 9 Windows admins.
Clients now ask for Linux servers from choice... I'm getting under Windows ppl's
skin.



It makes my day.



;]



So I need to work in such a framework/constraint and have a workable and no
cost solution. My need to sync with AD is because we provision to AD, so if I
can pull a lot of data across it means less resistance from the Windows-trained
identity ppl, the security ppl and the managers. 'Tis simple, they will happily
spend $50k on an AD review and $500k on an identity system that hasn't worked in
3 years but won't spend $5k on Linux LDAP... so I have to fight battles with
little... makes winning sweeter...



:)



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Ondrej Valousek [ondr...@s3group.cz]
Sent: Monday, 3 October 2011 9:03 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Question on AD to freeipa sync

Just wondering why would anyone want to sync freeIPA and AD - both can serve 
Linux systems fine, so if I already have AD, I no longer require IPA.
My 2 cents...

Ondrej

On 09/29/2011 10:35 PM, Steven Jones wrote:

Hi,

In the documentation it says that new accounts in AD are synced over to freeIPA,
so IPA sets the UID as it "arrives"?

What happens if the user is an existing one and has a UID they want to retain,
does that transfer over and get used?

Also how do you set permissions and groups? Does the new user just go into a
default group and then you log in to freeIPA and set them up? Or can you put the
GIDs into AD and they get transferred and the user put into the "right" groups
automagically?

Looks like I can set this sort of thing "how I want" in the sync agreement?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users

