On 02/13/2013 09:58 AM, Dag Wieers wrote:
> Hi,
>
> We are investigating whether IPA is an acceptable solution for our
> environment. One of the aspects that is not clear (from reading the
> documentation and testing it without AD) is whether the
> synchronization with AD can be limited to a subset.
>
> Since we would like to only synchronize certain user-accounts
> (conforming to a specific format) from AD unidirectionally, and we
> also want to manage functional/technical accounts on IPA, we need to
> make sure that we:
>
> - can filter the stuff we pull from AD
> - can avoid the synchronisation to remove other accounts managed in IPA
>
> Can someone confirm that this is possible? Is there any in-depth
> information on how this AD synchronization works (preferably about
> RHEL6 IPA)?
>
> Also since we also require compatibility with Solaris, and roles
> (RBAC) is currently used on Solaris, does IPA support RBAC on Solaris?
> (We noticed that RBAC mentioned in the IPA web interface only
> relates to IPA management).
>
> Thanks in advance,

If you are planning to use latest bits from upstream you also can consider using trusts and PAM passthrough instead of password synchronization.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.