Hi!  FreeIPA newbie here, with experience in DNS & LDAP . . .

I am inheriting a FreeIPA installation which needs to expand to multiple datacenters, and was hoping for a little advice. The current freeipa setup uses a subdomain, ny.company.com - with a kerberos realm NY7.COMPANY.COM - and I'm wondering if I want to continue this by creating additional subdomains & realms for the other datacenters, or if I'm better off flattening the namespace to company.com for all datacenters.

The reasons to use subdomains are generally:
1. to avoid naming collisions
2. to delegate administration to some other unit.

Did I miss anything? I don't plan on doing either of those, so I'm looking to flatten the namespace. Anyone have any thoughts? Especially on the kerberos portion of this question? Thanks a lot!!


Freeipa-users mailing list

Reply via email to