On May 13, 2012, at 2:23 PM, "Steven Jones" <steven.jo...@vuw.ac.nz<mailto:steven.jo...@vuw.ac.nz>> wrote:
Hi, >From a user perspective such as myself, If its mission critical and complex need today then you need to also look at more mature solutions. Mileage may vary. I for one have found no suitable scalable substitute for FreeIPA. I currently run over 21 (soon to be 42) Production FreeIPA servers. These are globally dispersed in every major continent. They support over 5,000 servers (Mostly RHEL with some Fedora, and Ubuntu mixed in), 1,000 Networking devices (Cisco and Juniper) and around 2,000 users. I heavily utilize centralized authentication, SSO, hbac, sudo, and automember (with sometimes as many as 100 new hosts a week being built and automatically assigned to their respective hostgroups.). My use case tends to be the most complex that I've heard of. The important bugs that I find and report have patches sometimes within a few days. My advice is to stage thoroughly so you know what you need to have in order to run effectively in production. There is no real end all be all for all things relating to authentication. I suggest that if you find an important delta, don't give up, experiment with integrating whatever protocol you need. Document the success or the challenges for others to benefit or contribute. -JR These however will cost you a lot of time and money to deploy. We have been there and the costs are obscene and the support worryingly poor in AP. Since you have only mentioned 389 and Openldap as options I suspect IPA will suit you its the best of the three, so take a look. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com> [freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com>] on behalf of Chandan Kumar [chandank.ku...@gmail.com<mailto:chandank.ku...@gmail.com>] Sent: Saturday, 12 May 2012 6:18 a.m. To: Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com> Subject: [Freeipa-users] FreeIPA and others Hi All, I was considering different centralized authentication/authorization services such as FreeIPA, 389 and Open ldap to deploy into our network in order to have a good centralized user authentication/authorization machanism. I was wondering what are they key that FreeIPA provides as compared to other directory servies in terms of extra feature, ease of deployment and use etc. Thanks Chandan _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com> https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
