On Tue, 04 Nov 2014, Roman Naumenko wrote:
I'm planning to use FreeIPA to manage infrastructure resources, sudo
users, DNS and things like that. But I also need isp style directory
with multiple organizations and root DNs to control users, mainly for
authentication purpose. FreeIPA wouldn't suitable for latter, so I'm
looking at OpenDJ or Centos DS for that.
Could you advise what would be the most suitable product in this case?
And what the difference between RedHat and Centos versions of directory
I'm not entirely understanding what do you mean by 'Centos DS' here but
let me guess.
FreeIPA uses 389-ds as its LDAP server. It is the same code in both RHEL
and CentOS (and other RHEL rebuilds of the same version); there should
be no difference at all on source level.
FreeIPA, however, adds a number of own plugins to the directory instance
that is used for FreeIPA purposes. These plugins are not supported
outside of FreeIPA deployment and they implement features we consider
important for FreeIPA like user lockout, password changes, Kerberos keys
integration, 2FA implementation, DNSSEC integration, etc.
You definitely can set up separate instances of 389-ds. Preferably this
should be done on separate hosts than IPA masters because otherwise
you'll have a number of practical issues with different instances
binding to the same LDAP/LDAPS ports and so on.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project