[Freeipa-users] one step away from having freeipa work with vsphere ldap

2014-12-07 Thread Gianluca Cecchi
Hello, I'm quite near to have users and groups working using ipa 3.3 as in CentOS 7 as this gives ability to do binds against compat tree. This is with the use of schema compatibility. The last step I need is getting components of groups so that vSphere can enforce group membership permission over

Re: [Freeipa-users] one step away from having freeipa work with vsphere ldap

2014-12-07 Thread Gianluca Cecchi
On Sun, Dec 7, 2014 at 3:44 PM, Gianluca Cecchi wrote: > Hello, > I'm quite near to have users and groups working using ipa 3.3 as in CentOS > 7 as this gives ability to do binds against compat tree. > This is with the use of schema compatibility > > The last step I need is getting components of

Re: [Freeipa-users] DNS configuration

2014-12-07 Thread Matthew Herzog
Thanks guys. I'm sorry for my delay in responding. Firstly, I was under the impression (from reading the docs) that having named running on IPA server was critical. Also, the first question the ipa-server-install script asks is, "Do you want to configure integrated DNS (BIND)? ." While it's true t

Re: [Freeipa-users] DNS configuration

2014-12-07 Thread Dmitri Pal
On 12/07/2014 06:44 PM, Matthew Herzog wrote: Thanks guys. I'm sorry for my delay in responding. Firstly, I was under the impression (from reading the docs) that having named running on IPA server was critical. Properly configured DNS is critical. How you accomplish it is up to you. IPA allow

Re: [Freeipa-users] DNS configuration

2014-12-07 Thread Dmitri Pal
On 12/07/2014 09:51 PM, Matthew Herzog wrote: What must be done in or on the ipa server with regard to DNS, if anything? Our DNS works. It works well. We have four Linux DNS servers and two AD domain controllers that also do DNS. So if we already have DNS working well in our domain, why do w

Re: [Freeipa-users] DNS configuration

2014-12-07 Thread Matthew Herzog
So should the FreeIPA server be authoritative for the Kerb. realm/DNS domain or can it/should it be a slave DNS server instead? Or caching only? On Sun, Dec 7, 2014 at 9:57 PM, Dmitri Pal wrote: > On 12/07/2014 09:51 PM, Matthew Herzog wrote: > > What must be done in or on the ipa server with r

Re: [Freeipa-users] DNS configuration

2014-12-07 Thread Dmitri Pal
On 12/07/2014 10:10 PM, Matthew Herzog wrote: So should the FreeIPA server be authoritative for the Kerb. realm/DNS domain or can it/should it be a slave DNS server instead? Or caching only? IPA DNS can't be a slave so you either delegate a whole zone to it or manage IPA DNS domain via your ow