Iulian Roman wrote:
> On Wed, Feb 22, 2017 at 6:03 PM, Michael Ströder <[email protected]> wrote:
>
> > Iulian Roman wrote:
> > > On Tue, Feb 21, 2017 at 4:31 PM, Rob Crittenden <[email protected]> wrote:
> > >
> > > > Iulian Roman wrote:
> > > > > Does anybody know if the rfc2307aix schema is supported in IPA server
> > > >
> > > > No, it isn't supported (it's the first I've ever heard of it). Looking
> > > > at the schema I doubt it is something that would ever be fully supported.
> > >
> > > is there any possibility to extend the existing schema with additional
> > > attributes/object
> >
> > Do you really use this specific AIX schema?
> > If yes, which attributes for which purpose?
>
> I do need the aixAuxAccount and aixAuxGroup object classes. They implement some
> password restrictions needed for security/compliance

Password policy is something best enforced centrally in the authentication server and password management system. So IMHO this serves as a perfect example for proprietary attributes you won't need.

How is authentication done? SSH keys, Kerberos, LDAP simple bind?

> + some other security related attributes.
> Personally I do not consider them a must - they are rather some nice to have
> features - but I have to migrate an environment which does use them. And I
> would like as well to make the migration as transparent as possible
> (therefore without "missing features").

Is the existing environment also an LDAP server with this particular AIX schema? Or are you trying to follow a migration path to LDAP suggested by IBM docs?

Being in your position I'd first compile a list of functional and security requirements and ask then whether these requirements can be implemented with FreeIPA. I'm curious to learn whether "some other security related attributes" are still needed after all.

Ciao, Michael.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
