Brian Topping wrote:
I'm new to FreeIPA and have some questions.  I've searched the archives for 
similar articles and found, but with 
some differences.  Please excuse my lack of knowledge, but I hope that answers to 
these questions might help others through the archives.

*** I saw the announcement that 2.1.4 from the updates-testing repo is "strongly 
advised".  In the previous message, I saw that deploying a production server on 
Fedora was a bad idea.  2.1.3 is the last version available on the CentOS repos.  Is that 
one reasonable to use?  Are there any gotchas that I should know about like disabling 
SELinux?  Is 2.1.3 usable while waiting for 2.1.4 to hit the CentOS repos?

RHEL (and therefore CentOS) versioning can be misleading because it tends to not move much over time despite patches being added. ipa 2.1.3-9 is more or less equivalent to FreeIPA 2.1.4 (a number of features are disabled, perhaps a patch or two not backported).

The advisory is to pick up the CSRF fix which can be found in both versions.

Deploying in production in Fedora can be fine; you just have to accept that the window of support for any given release is relatively short (~13 months).

*** AD synchronization is under active development, but I'm wanting to work 
with Open Directory.  The last references I've seen to it on the user list was 
with 1.x.  I've seen the opaque objects in the OD schema, realize the OD schema 
is rather fluid and understand that maintaining an integration like that may 
not be productive for such a small audience.  On the other hand, are there 
configurations with limited replication or referrals that might provide basic 
interoperability?  I haven't been too successful with getting Apache Directory 
Studio connected to FreeIPA so I can browse around, but does anyone have some 
insights they could share on this?  Anyone have FreeIPA working at any level 
with OpenDirectory that they could share insights about?

389-ds is our LDAP server so we generally support what it can do. AFAIK it does not do replication with OD. What is it you want to replicate, what direction, etc?

I've never used the Apache studio but others have reported success. It is probably just a matter of getting your basedn right (e.g. dc=example,dc=com) and perhaps providing a bind user (cn=Directory Manager). Are you getting specific error messages? That might help troubleshoot things.



