On May 14, 2012, at 9:50 PM, "Steven Jones" <steven.jo...@vuw.ac.nz> wrote:

> 8><---------
> Mileage may vary.
> I for one have found no suitable scalable substitute for FreeIPA.
> 8><----------
> Sure but depends on capability and experience, I for one am 
> struggling.....while significantly easier than say 389 (which I gave up on), 
> it's still a huge step up.......

I agree that it doesn't solve /all/ problems (yet) ;)

However, I have looked for a very very long time to find a scalable LDAP 
implementation with integrated Kerberos and RBAC/HBAC.  I've had numerous 
personal discussions with the creators/maintainers of openldap, pam_ldap, 
sudo, and some of the MIT-Kerb folk along my way.

Because no one else had solved those problems, I was actually in the middle of 
writing my own solution when I stumbled onto FreeIPA... 

For example, Pam_ldap expect(s/ed) that every user object contain an attribute 
entry for every single host they are allowed to log into.... Doesn't quite 
scale when you have to manage complex mixtures of thousands of users to 
thousands of hosts...

What do you feel is the biggest struggle?

Is it the base core features, or is it external integration pains for 
features that don't exist yet?

"Keeping your head in the cloud"
Jr Aquino | Sr. Information Security Specialist
GIAC Certified Incident Handler | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117

Freeipa-users mailing list