On 08/21/2015 09:44 AM, Vaclav Adamec wrote:
> Hi,
> Don't want to start flame, but my question is quite simple, is there
> anybody who use it in real production/commercial setup without any
> major issues ? don't you lack commercial support ? no issues with
> auditors ?

FreeIPA is upstream for Red Hat IdM, if you wanna get
commercial/enterprise support, go for Red Hat Subscription.

>  after a year/two of usage/testing/troubleshooting of freeipa/redhat
> ipa it seems, for me as a simple admin, to be still not very mature
> project, even basic configuration isn't very stable/solid to use it in
> real production. I started with latest freeipa on fedora with one
> server (VM vmware), then add other master replicas but after many
> issues I carefully keep one server on redhat 7 with up2date version of
> ipa from rhel repos, default installation setup, no replication. But
> still with stability issue (processes died occasionally, mostly due
> multiple clients removing, sometimes it dies completely with cryptic
> errors in journal (but sometimes no errors at all just wait for
> something during restart) and only fast option is restore from snaphot
> backups with loosing some clients). Performance is also issue, we
> cannot register more then 4-5 servers at once, or it will timeout (but
> no visible network or cpu/mem load issue).
> As there are no other complex solutions like IPA it's quite hard
> decide what to use as a replacement, but right now it's seems that we
> have no other option and we probably switch to simple openldap and
> missing functionality cover by puppet and some 2factor solution.
> We don't need anything special, no dns handling, no certificates, no
> AD connection, just simple servers/clients, users with groups and
> rules for access/sudo. Multimaster (with DNS SRV) solution for higher
> performance and reliability would be nice, but not necessary if we can
> keep it stable and handle more clients registration. We have tens of
> users/groups, hundreds servers/clients with random registration
> "burst" as we use it also for temp. build environments and OpenStack
> instances.
> Oficial support from RedHat is not very helpful, also they don't
> provide any real training for IPA, so only option is mail conference
> (very helpful, thanks for that) and tones of documentation/examples
> for variety of versions, but for such complex thing probably not
> enough for commercial use.

IMHO, there's no official support from Red Hat on FreeIPA, I was though
it was community support. If you wanna official support or real training
for IdM (Identity Management) from Red Hat, go to

> Can I ask you for your opinion ?
> Vasek

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to