On Mon, Dec 5, 2011 at 10:05 PM, Steven Jones <steven.jo...@vuw.ac.nz> wrote:
> Hi
> 8><--------
> What you need is some knowledge of LDAP, and to work with your vendors
> to figure out how they should be configured to work with IPA.
> 8><-------
> Funny but I thought a goal of IPA was to make this easier....so you dont need 
> such depth of knowledge.....
> Like I keep saying its a translation process so you can start to understand 
> it.....Im having huge problems with it...
> which is a worry because if I have problems the other admins are probably 
> going to fail.  I have tried to self-educate myself but Im not getting far at 
> it.

I disagree with you here. Understanding ldap is quite essential stuff
for deploying a directory based identity management system. I mean, if
you just want to provision users and authenticate them to computer
systems in an IPA realm, that's it, you need nothing more than the
tools ipa give you. However, life is usually more complicated and
people want to use other applications to do stuff. And those
applications have ldap bindings, so you need to know how to use them.
This is by the way no different as to how to do it with AD.

I routinely configure applications to query our AD for user
info/authentication/authorization, so I need to specify ldap bases,
common names (cn) to bind, etc, .., as well. No difference here as to
what you are experiencing.

In my experience most vendors have technical info on how to configure
and ldap connection to their applications/appliances. You name
Bluecoat, and if I google 'bluecoat ldap' the first hit I get is a
nice pdf with exactly the info you need (provided this is about the
bluecoat.com company).

I strongly suggest that you get a good grasp on ldap if you need to
manage any directory based service, be it AD, IPA or whatever.

> "Vendors" in NZ just import in a box, its a function of our small population, 
> few have any depth of knowledge....a few have happily admitted to me that if 
> we buy the hardware they will get some training....until then they are as 
> clueless as we are.

Wow. Are you talking to technical staff or to sales people there?


Freeipa-users mailing list

Reply via email to