On Wed, 2012-11-14 at 16:47 -0200, Andre Rodrigues wrote:
> thanks for the info Simo!
> I work at a university and the current structure is:
> a meta-directory that feeds a master 389-ds, and the master replicates
> the data to two read-only directories, that are accessible to
> any changes in the directory should be sent to the meta-directory,
> which will apply the changes on the master.
> Now I'm studying FreeIPA to see a possible exchange of 389DS for
> FreeIPA (primarily by trust with ad).
> This is not an appropriate structure for FreeIPA(nor a directory
> actually) but a read-only FreeIPA would be best for us.
Oh so you would want a completely read-only setup, no changes at all on
any server in orer to drive everything from the meta-directory ?
Don't think that will be possible. You can certainly use metadirectories
to synchronize stuff but enforcing read-only behavior for everything
simply does not cope with the feature set unless you want to strip
freeipa of all the reasons to use it :)
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list