Jakub Hrozek wrote:

> I'm glad it works now, but why did you choose to use the LDAP back end
> over the IPA back end? By using LDAP, you gain the ability to not enroll
> clients with ipa-client-install, but you loose the ease of
> manageability, HBAC, easy SUDO integration, not to mention you need to
> put passwords into the config file..
>
> Well, we wanted a quick solution for migrating all our servers (a mixture
of Centos, Debian, SLES, Ubuntu) from using SSSD with an old LDAP server to
auth against FreeIPA. Since we have all our servers puppetized and using
sudoers files, it was the best approach I could think of.

Can you think of a better way of tackling this?

Now that the dust settles down after the migration, we started enrolling
infrastructure servers to FreeIPA using ipa-client-install.

-- 
Kind regards,
 Peter Pakos
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to