On 02/13/2013 09:58 AM, Dag Wieers wrote:
> Hi,
> We are investigating whether IPA is an acceptable solution for our
> environment. One of the aspects that is not clear (from reading the
> documentation and testing it without AD) is whether the
> synchronization with AD can be limited to a subset.
> Since we would like to only synchronize certain user-accounts
> (conforming to a specific format) from AD unidirectionally, and we
> also want to manage functional/technical accounts on IPA, we need to
> make sure that we:
>  - can filter the stuff we pull from AD
>  - can avoid the synchronisation to remove other accounts managed in IPA
> Can someone confirm that this is possible ? Is there any indepth
> information on how this AD sycnhronization works (preferably about
> RHEL6 IPA) ?
> Also since we also require compatibility with Solaris, and roles
> (RBAC) is currently used on Solaris, does IPA support RBAC on Solaris
> ? (We noticed that RBAC mentioned in the IPA web interface only
> relates to IPA management).
> Thanks in advance,
If you are planning to use latest bits from upstream you also can
consider using trusts and PAM passthough instead of password

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to