On 09/13/2012 07:01 AM, mailing lists wrote:
Hello all,

  It is difficult for newcomers to cope with all this 389DS/FreeIPA stuff. 
After reading the project documentation and several mail messages in the 
archives I still have some unanswered questions, so I would be very grateful if 
list members could answer the following doubts.

I need to use services in an Active Directory environment and the WinSync solution 
has important limitations, the MODRDN operation is not handled correctly, losing 
the relation with AD objects (it deletes and adds the entry so a new SID and GUID 
is assigned),

What version of 389-ds-base are you using?

the upcoming "IPAv3 Trust" feature seems very promising because AFAIK no 
synchronization is necessary, but by using IPA it seems very restrictive to support 
current applications which need an LDAP hierarchical tree, custom schema with custom 
objectclasses and attributes, custom ACLs for applications... I know about Directory 
Server virtual views, but I'm worried about the consequences of low level manipulation of 
the FreeIPA Directory Server instance.

So how are others solving this paradox?
they run 389DS with (fractional) replication towards (or from) FreeIPA 389DS?
they add custom schemas to FreeIPA 389DS?
they do low level manipulation of FreeIPA 389DS for ACLs, plugin activation, ...?
what about upgrades after these modifications were done?

