Saqib N Ali wrote:
I understand that with Trust to AD, we can use AD for System of Records
for the User Accounts.
We do want IPA to maintain the policies, but just want to use SunLDAP
instead of 389 Directory Server for storing the policies. From an
Enterprise Architecture point of view, 389 Directory Server would be Yet
Another Directory Server in our environment. It seems like overkill if we
already have SunLDAP.

389-ds is an integral part of IPA, it isn't just a data sink.

On Wed, Jun 15, 2016 at 10:31 PM, Alexander Bokovoy <aboko...@redhat.com
On Wed, 15 Jun 2016, Saqib N Ali wrote:
If we want to use the FreeIPA Active Directory Trust Integration
can we use an existing implementation of SunLDAP to store the
(e.g. sudo, hbac etc.)
Essentially we don't want to create another LDAP Directory just for
FreeIPA cannot work with another LDAP Directory. It is an integrated
solution that relies on the set of plugins in 389-ds directory, there
are about a dozen specialized plugins that come with FreeIPA itself.
The trust to Active Directory option is part of that setup and cannot be
done against another LDAP directory because it also relies on the
specific plugins to 389-ds that don't exist in your SunLDAP.
If you deploy FreeIPA, you cannot have it 'just for storing the
policies'. It will be used for all kinds of objects. With trust to
Active Directory you may opt to not create native IPA users but then
these wouldn't be coming from your SunLDAP directory either, AD users
would be coming from AD.
/ Alexander Bokovoy