On ti, 25 loka 2016, Frank Munsche wrote:
we are currently evaluating free-ipa. We've used the sun one ds, sun /
oracle dsee and 389 so far. All of those are easy to customize
respective the schema, class of service, dynamic groups,...
Unfortunately most applications like jenkins, jira, confluence, gitblit,
bitbucket, nexus and others don't have a native interface to
authenticate against free-ipa. But most of them can do ldap(s) / tls
and can connect to any ldap server with a proxy user configured. This
way and by using class of service and dynamic groups, we were able to
tie them to the directory and use it for authentication and sometimes
aothorization as well.
Have you checked http://www.freeipa.org/page/HowTos ?
As I've seen so far, the 389 as part of free-ipa is tightly coupled to
the rest of the components and it's schema and dit are structured to
fit the needs of ipa.
Some questions that come into my mind:
Would it be possible to extend the schema and configure the 389 ds for
my own needs?
Everything is possible but you'll be responsible for whatever would be
Could the dit be restructured to match the logic of our
Most likely no. The flat DIT assumptions and naming of subtrees are
encoded in FreeIPA framework.
I remember the sun idm server which was a pretty complex product but
gave the user lots of possible customizations of the web ui and
included workflows. Is that possible with ipa also?
Read existing documentation.
and overall links under http://www.freeipa.org/page/Documentation
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project