Hi there!

This is my situation.

I have some users of my main domain "cica.es".

But I also maintain a database of users of others domain, ie "example.es".

I can apply most of FreeIPA configuration to "cica.es" users: access to hosts, groups, policies, roles, etc..

But users of "example.es" are dummy users, who just have an LDAP account in order to use virtual mailboxes in Postfix/Dovecot.

Do anyone have any advice on how handle this situation?

I see some options:
 * create a second FreeIPA server, each to handle his own domain.
* get the main FreeIPA server to handle two complete different LDAP tree (with different root DNs, don't know if possible). * integrate "example.es" users into specific groups, "prefix" or something each group and user.

We are talking of about 2k users in total (main domain + secondary domain). In addition, there is the possibility to have more than two domains.

How FreeIPA handles this multi-domain environment?

Best regards.

Arturo Borrero González
Departamento de Seguridad Informática (n...@cica.es)
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-users mailing list

Reply via email to