Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured
with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.
For now, our solution is to copy the whole openLDAP user base to
FreeIPA, and then use FreeIPA for the identification and authorization
(all the keytab stuff).
But keeping openLDAP and FreeIPA in sync is a nightmare, and I was
Would it be possible to configure SSSD to simultaneously target the
openLDAP server to identify a user, and the FreeIPA server to get the
That way, we can avoid having to keep openLDAP and FreeIPA in sync...
Is there an efficient way to keep openLDAP and FreeIPA in sync?
All ideas are welcome!!
Thank you guys,
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project