----- Original Message -----
> On Tue, 04 Nov 2014, Roman Naumenko wrote:
> >Hi,
> >
> >
> >I'm planning to use FreeIPA to manage infrastructure resources, sudo
> >users, DNS and things like that.  But I also need isp style
> >directory
> >with multiple organizations and root DNs to control users, mainly
> >for
> >authentication purpose. FreeIPA wouldn't suitable for latter, so I'm
> >looking at OpenDJ or Centos DS for that.
> >
> >
> >Could you advise what would be the most suitable product in this
> >case?
> >And what the difference between RedHat and Centos versions of
> >directory
> >servers?
> I'm not entirely understanding what do you mean by 'Centos DS' here
> but
> let me guess.

Centos directory server. 

> FreeIPA uses 389-ds as its LDAP server. It is the same code in both
> RHEL
> and CentOS (and other RHEL rebuilds of the same version); there
> should
> be no difference at all on source level.
> 
> FreeIPA, however, adds a number of own plugins to the directory
> instance
> that is used for FreeIPA purposes. These plugins are not supported
> outside of FreeIPA deployment and they implement features we consider
> important for FreeIPA like user lockout, password changes, Kerberos
> keys
> integration, 2FA implementation, DNSSEC integration, etc.

All good staff!

> You definitely can set up separate instances of 389-ds. Preferably
> this
> should be done on separate hosts than IPA masters because otherwise
> you'll have a number of practical issues with different instances
> binding to the same LDAP/LDAPS ports and so  on.

Is 389-ds equivalent of RedHat Directory Server 
(http://www.redhat.com/en/technologies/cloud-computing/directory-server)?

--Roman

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to