Hello all,

 It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff, after 
reading the project documentation and several mail messages in the archives I 
still have some unanswered questions so I would be very grateful if list 
members could answer the following doubts.

I need use services in an Active Directory environment and the WinSync solution 
has important limitations, the MODRDN operation is not handled correctly losing 
the relation with AD objects (it delete and add the entry so a new SID and GUID 
is assigned), the upcoming "IPAv3 Trust" feature seems very promising because 
AFAIK no sinchronization is necessary, but by using IPA it seems very 
restrictive to support current applications which need a LDAP hierarchical 
tree, custom schema with custom objectclassess and attributes, custom ACLs for 
applications...... I know about Directory Server virtual views, but I'm worried 
about the consequences of low level manipulation of the FreeIPA Directory 
Server instance. 

So how others are solving this paradox?
they run  389DS with (fractional) replication towards (or from) FreeIPA 389DS?
they add custom schemas to FreeIPA 389DS?
the do low level manipulation of FreeIPA 389DS for ACLs, plugin activation, 
...? 
what about upgrades after this modifications were done?

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to