On Thu, Sep 22, 2016 at 5:52 AM, Mark Clarke <m...@jumpingbean.co.za> wrote:
> Your points have not convinced about the level of deployment of the IPA > solution > Virtually _all_ mixed environments I've worked in since 2012 have use SSSD, including Ubuntu 2013+, and the "common denominator" of "Policy Objects" in those environments are the ones in IPA, even if it's hosted on 389 or even OpenLDAP. I.e., The fact that you're so "tunnel visioned" on thinking IPA is a Samba or LDAP replacement is part of your problem here. I'm _talking_ "Policy Objects" in the directdory server, whether it's IPA, 389 or even OpenLDAP, with SSSD on the client. I have now stated the _context_ of my 'position' a dozen times. but your passions is undeniable. > Okay, I'll humor you ... _Where_ do you think that alleged "passion" comes from? Could it be actual integrations? Corporate adoption? Or "ancedotal evidence" that the "NSS/389/Dogtag" is an "emerging technology"? ;) My opinions still stands the exams objectives and weightings should reflect > what administrators come across in their day-to-day work. > In your world, yes. What you're failing to understand is ... I have my experience too. How this can be controversial I do not understand. > Yet, you cannot respect my experience as anything but "ancedotal." By your own admission, you don't see NSS/389/Dogtag at all. You think it's an "emerging technology." And you also think any coverage of IPA in 303 is already overboard. What you fail to understand is, with Microsoft's change for Windows 10/Server 2016 and the corresponding AD 2016 domain/forest-level, Microsoft is going to _force_ adoption of something like IPA, in "mixed environments." But this wasn't accidental. In fact, it was Microsoft giving Red Hat a nod that they 'got it right.' Because AD architects don't want any POSIX in their AD Forest, because AD admins don't populate, much less understand, even the basic IETF RFC 2307 attributes. Less than 1% of AD domains have a single IDMU populated. That's why they are dropping them. At the same time, AD architects and their AD admins _do_ want to access Linux resources, such as Samba servers. The Samba service itself has a lot of issues with this as a Member Server in many, huge corporate AD environments. It's only really good for segmented, departmental or SMB setups. Putting Samba in an IPA dmain solves that, with the corresponding AD Forest Trust with Windows systems. Windows stays Windows, POSIX stays POSIX. I guess we will wait for others to give us their insights and opinions on > this matter and be guided by them. > Well, I'm certainly not here for my health. I.e., I have a lot of people who tell me not to bother with LPI because of statements exactly like yours. ;) But what do I know? I just offer "ancedotal evidence." -- bjs
_______________________________________________ lpi-examdev mailing list lpi-examdev@lpi.org http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
