Hi Harold Perhaps you should not think of FreeIPA as a product. Perhaps a better analogy is a Product Stack. Another example would be LAMP. And as far as I can make out, the point of the FreeIPA project is to better integrate the various products that build the stack.
A very important factor - at least to me is this community: It is vibrant and active, you get advice, "they" listen and change things. For example I can think of at least 3 changes made to the documentation in the last few months due to mistakes I had made! I second the use of Apache Directory Studio - very useful for peaking under the hood and studying the guts of your LDAP directory. Cheers Chris From: Rich Megginson <rmegg...@redhat.com> To: email@example.com Date: 25.06.2015 20:32 Subject: Re: [Freeipa-users] hesitate to deploy freeipa Sent by: freeipa-users-boun...@redhat.com On 06/25/2015 12:12 PM, Thomas Sailer wrote: > Am 25.06.2015 um 17:47 schrieb Simo Sorce: > >> Yes, the whole project is complex, but not because we like complexity, >> it is complex because the problem space is complex and we are bound to >> use existing protocols, which sometimes add in complexity, and we want >> to offer useful features to admins, so they can think about managing >> stuff and not about the plumbing all the time. > > Sure, the problem space is a lot more complex than say ls. > > But I think there is room for improvement, by making the individual > tools somewhat more resilient to unexpected behaviour in other > components. +1 - just look at the bug lists for freeipa, 389, sssd, dogtag, etc. > > For example, if there's any nsuniqueid group present in a users entry, > login authentication via sssd breaks with a cryptic error message. It > would be nice, IMO, if it didn't break or if it at least issued a > better error message. Sure. For starters, there's https://fedorahosted.org/389/ticket/48161 > > Furthermore, a good graphical generic LDAP editor would make the > admin's life significantly easier, IMO. I so far haven't found one. > There's gq, which works, mostly, but crashes relatively frequently. > I'm mostly using ldapvi now, which works quite well but only after > studying its manual. Have you tried Apache Directory Studio? > > Thomas > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project