On 12.1.2015 17:20, brendan kearney wrote:
If you insist on a replicated FS then try Gluster.
> On Jan 12, 2015 11:04 AM, "Craig White" <cwh...@skytouchtechnology.com>
>> *From:* freeipa-users-boun...@redhat.com [mailto:
>> freeipa-users-boun...@redhat.com] *On Behalf Of *Dale Macartney
>> *Sent:* Sunday, January 11, 2015 2:16 PM
>> *To:* email@example.com
>> *Subject:* [Freeipa-users] Group Policy-like features in FreeIPA
>> Morning folks
>> I am currently working on a little pet project which I think some would
>> find useful.
>> I would like to introduce some group-policy-like functionality into a
>> FreeIPA domain.
>> For example:
>> In an environment running FreeIPA Server with Fedora or RHEL based
>> workstations, I would like to be able to introduce a few extra features
>> which initially may be pushed via a login script (maybe even configure a
>> dbus session as well, who knows?).
>> My intentions here would be to be able to apply host specific policies as
>> well as have the option for user specific policies which would be applied
>> when the user logs in.
>> Practically speaking, adding an attribute to LDAP to specify a login
>> script file name is easy enough, however actually fetching this is where I
>> am hoping for a bit of brainstorming. My thoughts would be the local user
>> would fetch the name of the login script via ldap, and then perhaps fetch
>> the file from a shared resource on the FreeIPA masters in order to be
>> executed locally.
>> LDAP is obviously replicated, however to my knowledge, there is no file
>> synchronization between masters. I am thinking something similar to the MS
>> equivalent of the SYSVOL data that replicates between MS Domain
>> Controllers. One option would be to store all data within LDAP, however
>> I've seen many scenarios where admins store CD ISOs in replicated domain
>> data, so I am not certain this would be the best option.
>> With this replicated data folder, I would be able to store centrally
>> managed scripts which would be used for hosts or users, and then configure
>> the default user template on each workstation (/etc/skel/) to add the login
>> script file name which would be fetched from the user's LDAP attributes.
>> Real world usability for what I am thinking of is a way to manage users
>> who can have their corporate email mailbox configured on login,
>> automatically setting the user's session to point to an internal SSO enabled
>> proxy server or perhaps any other number of things which an admin may wish
>> to achieve without the need to manually do the work themselves.
>> Has anyone undertaken a similar scenario in their environments or would
>> perhaps have any suggestions on how to manage the centrally accessible file
>> Many thanks
>> Specifically, I haven’t fully implemented what you are asking but
>> obviously parts and pieces yes.
>> One of the best features of Linux and all of its various toolsets is that
>> none are quite so overarching and the objectives are more focused. String
>> them together and you have a working tool set. As a system administrator,
>> you learn to pipe grep output to awk or sed or cut etc.
>> SYSVOL <=> NFS and if that doesn’t do it for you, check out Unison.
>> I guess one of the temptations of FreeIPA is to try to make it exactly
>> like active directory. The FreeIPA developers are already doing an amazing
>> job without a ton of manpower.
>> Manage your subscription for the Freeipa-users mailing list:
>> Go To http://freeipa.org for more info on the project
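Added example, not from the thread or from FreeIPA: a check a workstation could run on the script name read from LDAP and on the file found in the shared folder before executing it at login. The function name, the allowed-name pattern and the `trusted_uid` parameter are assumptions, and the LDAP lookup itself is left out.

```python
import os
import re
import stat
from pathlib import Path

# Assumption: the LDAP attribute holds a bare file name, never a path.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


class PolicyScriptError(Exception):
    """The named script must not be executed."""


def _writable_by_others(st, trusted_uid):
    # True if someone other than the trusted owner could modify the entry.
    return st.st_uid != trusted_uid or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def resolve_login_script(name, share_dir, trusted_uid=0):
    """Return the script's path if it is safe to run, else raise."""
    # 1. Name from the directory: no separators, no "..", no empty value.
    if not SAFE_NAME.fullmatch(name):
        raise PolicyScriptError(f"rejected script name: {name!r}")
    base = Path(share_dir).resolve(strict=True)
    # 2. Folder: only the trusted account may add or replace files in it.
    if _writable_by_others(os.stat(base), trusted_uid):
        raise PolicyScriptError(f"{base} is writable by untrusted accounts")
    candidate = base / name
    # 3. File: lstat so a symlink placed in the folder is not followed.
    try:
        st = os.lstat(candidate)
    except FileNotFoundError:
        raise PolicyScriptError(f"no such script: {name!r}") from None
    if not stat.S_ISREG(st.st_mode):
        raise PolicyScriptError(f"{name!r} is not a regular file")
    if _writable_by_others(st, trusted_uid):
        raise PolicyScriptError(f"{name!r} is writable by untrusted accounts")
    return candidate
```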