----- Original Message -----
> On Tue, 04 Nov 2014, Roman Naumenko wrote:
> >Hi,
> >
> >I'm planning to use FreeIPA to manage infrastructure resources, sudo
> >users, DNS and things like that. But I also need an ISP-style directory
> >with multiple organizations and root DNs to control users, mainly for
> >authentication purposes. FreeIPA wouldn't be suitable for the latter, so I'm
> >looking at OpenDJ or Centos DS for that.
> >
> >Could you advise what would be the most suitable product in this case?
> >And what is the difference between the RedHat and Centos versions of
> >directory servers?
> I'm not entirely understanding what you mean by 'Centos DS' here but
> let me guess.

Centos directory server.

> FreeIPA uses 389-ds as its LDAP server. It is the same code in both RHEL
> and CentOS (and other RHEL rebuilds of the same version); there should
> be no difference at all on source level.
>
> FreeIPA, however, adds a number of its own plugins to the directory instance
> that is used for FreeIPA purposes. These plugins are not supported
> outside of a FreeIPA deployment and they implement features we consider
> important for FreeIPA like user lockout, password changes, Kerberos keys
> integration, 2FA implementation, DNSSEC integration, etc.

All good stuff!

> You definitely can set up separate instances of 389-ds. Preferably this
> should be done on separate hosts than IPA masters because otherwise
> you'll have a number of practical issues with different instances
> binding to the same LDAP/LDAPS ports and so on.

Is 389-ds the equivalent of RedHat Directory Server (http://www.redhat.com/en/technologies/cloud-computing/directory-server)?

--Roman

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project