On May 14, 2012, at 9:50 PM, "Steven Jones" <steven.jo...@vuw.ac.nz> wrote:
> Mileage may vary.
> I for one have found no suitable scalable substitute for FreeIPA.
> Sure but depends on capability and experience, I for one am
> struggling.....while significantly easier than say 389 (which I gave up on),
> it's still a huge step up.......
I agree that it doesn't solve /all/ problems (yet) ;)
However, I have looked for a very very long time to find a scalable LDAP
implementation with integrated Kerberos and RBAC/HBAC. I've had numerous
personal discussions with the creators/maintainers of openldap, pam_ldap,
sudo, and some of the MIT-Kerb folk along my way.
Because no one else had solved those problems, I was actually in the middle of
writing my own solution when I stumbled onto FreeIPA...
For example, Pam_ldap expect(s/ed) that every user object contain an attribute
entry for every single host they are allowed to log into.... Doesn't quite
scale when you have to manage complex mixtures of thousands of users to
thousands of hosts...
What do you feel is the biggest struggle?
Is it the base core features, or is it external integration pains for
features that don't exist yet?
"Keeping your head in the cloud"
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
Freeipa-users mailing list