Hello all,

It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff. After reading the project documentation and several mail messages in the archives, I still have some unanswered questions, so I would be very grateful if list members could answer the following doubts.

I need to use services in an Active Directory environment, and the WinSync solution has important limitations: the MODRDN operation is not handled correctly, losing the relation with AD objects (it deletes and adds the entry, so a new SID and GUID are assigned). The upcoming "IPAv3 Trust" feature seems very promising because, AFAIK, no synchronization is necessary, but using IPA seems very restrictive for supporting current applications which need an LDAP hierarchical tree, custom schema with custom objectclasses and attributes, custom ACLs for applications... I know about Directory Server virtual views, but I'm worried about the consequences of low-level manipulation of the FreeIPA Directory Server instance.

So how are others solving this paradox? Do they run 389DS with (fractional) replication towards (or from) the FreeIPA 389DS? Do they add custom schemas to the FreeIPA 389DS? Do they do low-level manipulation of the FreeIPA 389DS for ACLs, plugin activation, ...? What about upgrades after these modifications were done?