Hello list,

Here's my situation:
I'm installing Hadoop for a customer, and the Hadoop cluster is secured with Kerberos. I used FreeIPA as a KDC.
The customer uses openLDAP as a directory server.

For now, our solution is to copy the whole openLDAP user base to FreeIPA, and then use FreeIPA for the identification and authorization (all the keytab stuff). But keeping openLDAP and FreeIPA in sync is a nightmare, and I was wondering something: Would it be possible to configure SSSD to simultaneously target the openLDAP server to identify a user, and the FreeIPA server to get the tickets?
That way, we can avoid having to keep openLDAP and FreeIPA in sync...


Is there an efficient way to keep openLDAP and FreeIPA in sync?

All ideas are welcome!!

Thank you guys,


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to