Hi, FWIW one of our customers (a bank) uses freeIPA 3.0 + samba with 4 servers and 5000+ clients, with no major issues. We were able to solve every issue they had tuning the dirsrv or with help from this list.
Best regards El vie, 21-08-2015 a las 04:44 +0200, Vaclav Adamec escribió: > Hi, > > Don't want to start flame, but my question is quite simple, is there > anybody who use it in real production/commercial setup without any > major issues ? don't you lack commercial support ? no issues with > auditors ? > > after a year/two of usage/testing/troubleshooting of freeipa/redhat > ipa it seems, for me as a simple admin, to be still not very mature > project, even basic configuration isn't very stable/solid to use it > in > real production. I started with latest freeipa on fedora with one > server (VM vmware), then add other master replicas but after many > issues I carefully keep one server on redhat 7 with up2date version > of > ipa from rhel repos, default installation setup, no replication. But > still with stability issue (processes died occasionally, mostly due > multiple clients removing, sometimes it dies completely with cryptic > errors in journal (but sometimes no errors at all just wait for > something during restart) and only fast option is restore from > snaphot > backups with loosing some clients). Performance is also issue, we > cannot register more then 4-5 servers at once, or it will timeout > (but > no visible network or cpu/mem load issue). > > As there are no other complex solutions like IPA it's quite hard > decide what to use as a replacement, but right now it's seems that we > have no other option and we probably switch to simple openldap and > missing functionality cover by puppet and some 2factor solution. > > We don't need anything special, no dns handling, no certificates, no > AD connection, just simple servers/clients, users with groups and > rules for access/sudo. Multimaster (with DNS SRV) solution for higher > performance and reliability would be nice, but not necessary if we > can > keep it stable and handle more clients registration. We have tens of > users/groups, hundreds servers/clients with random registration > "burst" as we use it also for temp. build environments and OpenStack > instances. > > Oficial support from RedHat is not very helpful, also they don't > provide any real training for IPA, so only option is mail conference > (very helpful, thanks for that) and tones of documentation/examples > for variety of versions, but for such complex thing probably not > enough for commercial use. > > Can I ask you for your opinion ? > > Vasek > -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A. http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve ------------------------------------------------------------ "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford
Description: S/MIME cryptographic signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project