On Fri, Jul 22, 2016 at 03:04:01PM +0100, Peter Pakos wrote:
> Jakub Hrozek wrote:
> > I'm glad it works now, but why did you choose to use the LDAP back end
> > over the IPA back end? By using LDAP, you gain the ability to not enroll
> > clients with ipa-client-install, but you loose the ease of
> > manageability, HBAC, easy SUDO integration, not to mention you need to
> > put passwords into the config file..
> > Well, we wanted a quick solution for migrating all our servers (a mixture
> of Centos, Debian, SLES, Ubuntu) from using SSSD with an old LDAP server to
> auth against FreeIPA. Since we have all our servers puppetized and using
> sudoers files, it was the best approach I could think of.
> Can you think of a better way of tackling this?
> Now that the dust settles down after the migration, we started enrolling
> infrastructure servers to FreeIPA using ipa-client-install.
Ah, sorry, if you are going through a migration, then it's understandable.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project