On Thu, Sep 22, 2016 at 5:52 AM, Mark Clarke <m...@jumpingbean.co.za> wrote:

> Your points have not convinced about the level of deployment of the IPA
> solution

Virtually _all_ mixed environments I've worked in since 2012 have use SSSD,
including Ubuntu 2013+, and the "common denominator" of "Policy Objects" in
those environments are the ones in IPA, even if it's hosted on 389 or even

I.e., The fact that you're so "tunnel visioned" on thinking IPA is a Samba
or LDAP replacement is part of your problem here.  I'm _talking_ "Policy
Objects" in the directdory server, whether it's IPA, 389 or even OpenLDAP,
with SSSD on the client.

I have now stated the _context_ of my 'position' a dozen times.

but your passions is undeniable.

Okay, I'll humor you ...

_Where_ do you think that alleged "passion" comes from?  Could it be actual
integrations?  Corporate adoption?

Or "ancedotal evidence" that the "NSS/389/Dogtag" is an "emerging
technology"?  ;)

My opinions still stands the exams objectives and weightings should reflect
> what administrators come across in their day-to-day work.

In your world, yes.
What you're failing to understand is ... I have my experience too.

How this can be controversial I do not understand.

Yet, you cannot respect my experience as anything but "ancedotal."

By your own admission, you don't see NSS/389/Dogtag at all.  You think it's
an "emerging technology."  And you also think any coverage of IPA in 303 is
already overboard.

What you fail to understand is, with Microsoft's change for Windows
10/Server 2016 and the corresponding AD 2016 domain/forest-level, Microsoft
is going to _force_ adoption of something like IPA, in "mixed
environments."  But this wasn't accidental.  In fact, it was Microsoft
giving Red Hat a nod that they 'got it right.'

Because AD architects don't want any POSIX in their AD Forest, because AD
admins don't populate, much less understand, even the basic IETF RFC 2307
attributes.  Less than 1% of AD domains have a single IDMU populated.
That's why they are dropping them.

At the same time, AD architects and their AD admins _do_ want to access
Linux resources, such as Samba servers.  The Samba service itself has a lot
of issues with this as a Member Server in many, huge corporate AD
environments.  It's only really good for segmented, departmental or SMB

Putting Samba in an IPA dmain solves that, with the corresponding AD Forest
Trust with Windows systems.  Windows stays Windows, POSIX stays POSIX.

I guess we will wait for others to give us their insights and opinions on
> this matter and be guided by them.

Well, I'm certainly not here for my health.  I.e., I have a lot of people
who tell me not to bother with LPI because of statements exactly like
yours.  ;)

But what do I know?  I just offer "ancedotal evidence."

-- bjs
lpi-examdev mailing list

Reply via email to