----- Original Message -----
> On Tue, 04 Nov 2014, Roman Naumenko wrote:
> >I'm planning to use FreeIPA to manage infrastructure resources, sudo
> >users, DNS and things like that. But I also need isp style
> >with multiple organizations and root DNs to control users, mainly
> >authentication purpose. FreeIPA wouldn't suitable for latter, so I'm
> >looking at OpenDJ or Centos DS for that.
> >Could you advise what would be the most suitable product in this
> >And what the difference between RedHat and Centos versions of
> I'm not entirely understanding what do you mean by 'Centos DS' here
> let me guess.
Centos directory server.
> FreeIPA uses 389-ds as its LDAP server. It is the same code in both
> and CentOS (and other RHEL rebuilds of the same version); there
> be no difference at all on source level.
> FreeIPA, however, adds a number of own plugins to the directory
> that is used for FreeIPA purposes. These plugins are not supported
> outside of FreeIPA deployment and they implement features we consider
> important for FreeIPA like user lockout, password changes, Kerberos
> integration, 2FA implementation, DNSSEC integration, etc.
All good staff!
> You definitely can set up separate instances of 389-ds. Preferably
> should be done on separate hosts than IPA masters because otherwise
> you'll have a number of practical issues with different instances
> binding to the same LDAP/LDAPS ports and so on.
Is 389-ds equivalent of RedHat Directory Server
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project