Hi Harold

Perhaps you should not think of FreeIPA as a product. Perhaps a better
analogy is a Product Stack. Another example would be LAMP. And as far as I
can make out, the point of the FreeIPA project is to better integrate the
various products that build the stack.

A very important factor - at least to me is this community: It is vibrant
and active, you get advice, "they" listen and change things. For example I
can think of at least 3 changes made to the documentation in the last few
months due to mistakes I had made!

I second the use of Apache Directory Studio - very useful for peaking under
the hood and studying the guts of your LDAP directory.

Cheers

Chris



From:   Rich Megginson <rmegg...@redhat.com>
To:     freeipa-users@redhat.com
Date:   25.06.2015 20:32
Subject:        Re: [Freeipa-users] hesitate to deploy freeipa
Sent by:        freeipa-users-boun...@redhat.com



On 06/25/2015 12:12 PM, Thomas Sailer wrote:
> Am 25.06.2015 um 17:47 schrieb Simo Sorce:
>
>> Yes, the whole project is complex, but not because we like complexity,
>> it is complex because the problem space is complex and we are bound to
>> use existing protocols, which sometimes add in complexity, and we want
>> to offer useful features to admins, so they can think about managing
>> stuff and not about the plumbing all the time.
>
> Sure, the problem space is a lot more complex than say ls.
>
> But I think there is room for improvement, by making the individual
> tools somewhat more resilient to unexpected behaviour in other
> components.

+1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc.

>
> For example, if there's any nsuniqueid group present in a users entry,
> login authentication via sssd breaks with a cryptic error message. It
> would be nice, IMO, if it didn't break or if it at least issued a
> better error message.

Sure.  For starters, there's https://fedorahosted.org/389/ticket/48161

>
> Furthermore, a good graphical generic LDAP editor would make the
> admin's life significantly easier, IMO. I so far haven't found one.
> There's gq, which works, mostly, but crashes relatively frequently.
> I'm mostly using ldapvi now, which works quite well but only after
> studying its manual.

Have you tried Apache Directory Studio?

>
> Thomas
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to