On Fri, Jul 22, 2016 at 03:04:01PM +0100, Peter Pakos wrote: > Jakub Hrozek wrote: > > > I'm glad it works now, but why did you choose to use the LDAP back end > > over the IPA back end? By using LDAP, you gain the ability to not enroll > > clients with ipa-client-install, but you loose the ease of > > manageability, HBAC, easy SUDO integration, not to mention you need to > > put passwords into the config file.. > > > > Well, we wanted a quick solution for migrating all our servers (a mixture > of Centos, Debian, SLES, Ubuntu) from using SSSD with an old LDAP server to > auth against FreeIPA. Since we have all our servers puppetized and using > sudoers files, it was the best approach I could think of. > > Can you think of a better way of tackling this? > > Now that the dust settles down after the migration, we started enrolling > infrastructure servers to FreeIPA using ipa-client-install.
Ah, sorry, if you are going through a migration, then it's understandable. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project