On Mon, Dec 5, 2011 at 10:05 PM, Steven Jones <steven.jo...@vuw.ac.nz> wrote: > Hi > > 8><-------- > > What you need is some knowledge of LDAP, and to work with your vendors > to figure out how they should be configured to work with IPA. > > 8><------- > Funny but I thought a goal of IPA was to make this easier....so you dont need > such depth of knowledge..... > Like I keep saying its a translation process so you can start to understand > it.....Im having huge problems with it... > which is a worry because if I have problems the other admins are probably > going to fail. I have tried to self-educate myself but Im not getting far at > it.
I disagree with you here. Understanding ldap is quite essential stuff for deploying a directory based identity management system. I mean, if you just want to provision users and authenticate them to computer systems in an IPA realm, that's it, you need nothing more than the tools ipa give you. However, life is usually more complicated and people want to use other applications to do stuff. And those applications have ldap bindings, so you need to know how to use them. This is by the way no different as to how to do it with AD. I routinely configure applications to query our AD for user info/authentication/authorization, so I need to specify ldap bases, common names (cn) to bind, etc, .., as well. No difference here as to what you are experiencing. In my experience most vendors have technical info on how to configure and ldap connection to their applications/appliances. You name Bluecoat, and if I google 'bluecoat ldap' the first hit I get is a nice pdf with exactly the info you need (provided this is about the bluecoat.com company). I strongly suggest that you get a good grasp on ldap if you need to manage any directory based service, be it AD, IPA or whatever. > "Vendors" in NZ just import in a box, its a function of our small population, > few have any depth of knowledge....a few have happily admitted to me that if > we buy the hardware they will get some training....until then they are as > clueless as we are. Wow. Are you talking to technical staff or to sales people there? -- natxo _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users