Iulian Roman wrote:
> On Wed, Feb 22, 2017 at 6:03 PM, Michael Ströder <mich...@stroeder.com> wrote:
>     Iulian Roman wrote:
>     > On Tue, Feb 21, 2017 at 4:31 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
>     >
>     >     Iulian Roman wrote:
>     >     > Does anybody know if the rfc2307aix schema is supported in IPA server
>     >
>     >     No, it isn't supported (it's the first I've ever heard of it). Looking
>     >     at the schema I doubt it is something that would ever be fully supported.
>     >
>     > is there any possibility to extend the existing schema with additional
>     > attributes/object
>     Do you really use this specific AIX schema?
>     If yes, which attributes for which purpose?
> I do need the aixAuxAccount and aixAuxGroup object classes. They implement some
> password restrictions needed for security/compliance

Password policy is something best enforced centrally in the authentication server and
password management system. So IMHO this serves as a perfect example for attributes you won't need.

How is authentication done? SSH keys, Kerberos, LDAP simple bind?

> + some other security related attributes.
> Personally I do not consider them a must - they are rather some nice to have features -
> but I have to migrate an environment which does use them. And I would like as well to
> make the migration as transparent as possible (therefore without "missing features").

Is the existing environment also an LDAP server with this particular AIX schema?
Or are you trying to follow a migration path to LDAP suggested by IBM docs?

Being in your position I'd first compile a list of functional and security 
and ask then whether these requirements can be implemented with FreeIPA. I'm curious to
learn whether "some other security related attributes" are still needed after

Ciao, Michael.
