On May 13, 2012, at 2:23 PM, "Steven Jones" <steven.jo...@vuw.ac.nz> wrote:


From a user perspective such as myself,

If it's mission critical and complex need today then you need to also look at 
more mature solutions.

Mileage may vary.

I for one have found no suitable scalable substitute for FreeIPA.

I currently run over 21 (soon to be 42) Production FreeIPA servers. These are 
globally dispersed in every major continent.

They support over 5,000 servers (Mostly RHEL with some Fedora, and Ubuntu mixed 
in), 1,000 Networking devices (Cisco and Juniper) and around 2,000 users.

I heavily utilize centralized authentication, SSO, hbac, sudo, and automember 
(with sometimes as many as 100 new hosts a week being built and automatically 
assigned to their respective hostgroups.).

My use case tends to be the most complex that I've heard of.

The important bugs that I find and report have patches sometimes within a few 

My advice is to stage thoroughly so you know what you need to have in order to 
run effectively in production.

There is no real end all be all for all things relating to authentication.  I 
suggest that if you find an important delta, don't give up, experiment with 
integrating whatever protocol you need. Document the success or the challenges 
for others to benefit or contribute.


These however will cost you a lot of time and money to deploy. We have been 
there and the costs are obscene and the support worryingly poor in AP.  Since 
you have only mentioned 389 and OpenLDAP as options I suspect IPA will suit you; 
it's the best of the three, so take a look.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Chandan Kumar 
Sent: Saturday, 12 May 2012 6:18 a.m.
To: Freeipa-users@redhat.com
Subject: [Freeipa-users] FreeIPA and others

Hi All,

I was considering different centralized authentication/authorization services 
such as FreeIPA, 389 and OpenLDAP to deploy into our network in order to have 
a good centralized user authentication/authorization mechanism. I was wondering 
what are the key that FreeIPA provides as compared to other directory services 
in terms of extra features, ease of deployment and use etc.


Freeipa-users mailing list
