I'm also interested in how people are handling this - especially when using AD
When using a trust, the IPA host not only has to communicate with IPA servers,
but with potentially every AD domain controller in your HUB site. For us, this
is a large number of domain controllers which means we would need a large
number of ACL's on our firewalls to permit the IPA DMZ client access to the AD
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Aly Khimji
Sent: Wednesday, October 07, 2015 1:12 PM
Subject: [Freeipa-users] FreeIPA DMZ topology
Question for you, would having a replica be the ideal solution for authorizing
hosts in a DMZ?
Do you have any use cases for DMZ access/authorization or topologies you can
share for DMZ zones where FreeIPA is used?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project