we are currently evaluating free-ipa. We've used the sun one ds, sun /
oracle dsee and 389 so far. All of those are easy to customize
respective the schema, class of service, dynamic groups,...
Unfortunately most applications like jenkins, jira, confluence, gitblit,
bitbucket, nexus and others don't have a native interface to
authenticate against free-ipa. But most of them can do ldap(s) / tls
and can connect to any ldap server with a proxy user configured. This
way and by using class of service and dynamic groups, we were able to
tie them to the directory and use it for authentication and sometimes
aothorization as well.
As I've seen so far, the 389 as part of free-ipa is tightly coupled to
the rest of the components and it's schema and dit are structured to
fit the needs of ipa.
Some questions that come into my mind:
Would it be possible to extend the schema and configure the 389 ds for
my own needs?
Could the dit be restructured to match the logic of our
I remember the sun idm server which was a pretty complex product but
gave the user lots of possible customizations of the web ui and
included workflows. Is that possible with ipa also?
thank you very much,
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project