On 09/15/2015 05:14 PM, Nicola Canepa wrote:
> Hello list.
> I'm trying to make a test deploy of FreeIPA, and I was wondering if it
> is possible to authenticate remote sites via LDAP by havong a partial
> replica based on saome filter (maybe a group, an attribute or similar).
> Sorry if this is a silly question, but I am trying to explore the
> possibilities that I could have to slowly replace local authentications
> spread in various sites by having a central store (backed by FreeIPA)
> and many partial replicas which would contain what now I have in RADIUS
> or other authentication sources.
> Thank you for any advice or pointer you can give to me.
Short answer is that FreeIPA does not support filter-based partial
AFAIK, 389 can do fractional replication, which can exclude certain
attributes from being replicated (and hence lower the replication
traffic), but I gather that will not help in your use case. See
nsds5replicatedattributelist and nsds5replicatedattributelisttotal
attributes of the replication agreement, if interested.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project