Hi guys, we are currently evaluating free-ipa. We've used the sun one ds, sun / oracle dsee and 389 so far. All of those are easy to customize respective the schema, class of service, dynamic groups,... Unfortunately most applications like jenkins, jira, confluence, gitblit, bitbucket, nexus and others don't have a native interface to authenticate against free-ipa. But most of them can do ldap(s) / tls and can connect to any ldap server with a proxy user configured. This way and by using class of service and dynamic groups, we were able to tie them to the directory and use it for authentication and sometimes aothorization as well. As I've seen so far, the 389 as part of free-ipa is tightly coupled to the rest of the components and it's schema and dit are structured to fit the needs of ipa. Some questions that come into my mind:
Would it be possible to extend the schema and configure the 389 ds for my own needs? Could the dit be restructured to match the logic of our environments? I remember the sun idm server which was a pretty complex product but gave the user lots of possible customizations of the web ui and included workflows. Is that possible with ipa also? thank you very much, cheers, Frank -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project