Re: [Freeipa-users] Some feature requests

2011-12-04 Thread Dmitri Pal
On 12/04/2011 02:35 PM, Steven Jones wrote:
 Hi,

 RFE? request for engineering?  via RHN support portal?

Request for enhancement = RFE

 I will also raise these with my RH solution architect.

 I noticed that you have a freeipa nfs howto/engineering proof of concept, 
 more of those would be good.  What I am finding is it's very hard (actually 
 impossible) to figure out how to get 3rd party hardware to talk LDAP into 
 IPA. It seems the hardware talks one way or multiple ways and IPA answers 
 differently, the result is they don't communicate. So far I have failed with 
 Sun's Solar SAN, and Bluecoat's proxy server. The info just seems 
 lacking... or maybe a dictionary from IPA to LDAP or into Steven's speak is 
 needed. I certainly don't find it simple to understand.

We do not know what this hardware wants or expects. We do not even know
what kind of lookups it does. Is it nss_ldap? If so, and the underlying OS is
Solaris, you need to turn on the IPA compat tree and point the device to
that tree.
Via the compat tree you can expose the information inside the FreeIPA tree in
any shape you want, so if the device wants something special you would be
able to satisfy its tastes as long as the data is already some place in
the main tree. If it is not, then it is a different issue.

 ;]

 I will be attempting a new Bluearc this week... which is CentOS 4.8 
 apparently

 ;/

 I also find that the vendors only speak AD, they are all MS trained... they 
 are totally clueless when I mention LDAP and especially IPA. "I've never 
 done a Linux/LDAP connection, I will have to ask engineering" is the common 
 answer... seems in NZ and even in APAC that is common, I usually don't get 
 an answer...

If it is AD specific it might not use LDAP. Do you know that these
devices actually use LDAP?

 Satellite - OTP, it would be per machine... each machine is recorded 
 individually in RH Sat so you know what is vulnerable and what patches there 
 are... I kind of envisioned another tab in the kickstart file generator 
 where you would put in the info... maybe it isn't that easy... but 
 integrating their products is what many vendors are slick at... or make a 
 huge mess of, depending on the vendor

RFE would be helpful.


 ;]

 regards

 Steven Jones

 Technical Specialist - Linux RHCE

 Victoria University, Wellington, NZ

 0064 4 463 6272

 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
 behalf of Dmitri Pal [d...@redhat.com]
 Sent: Sunday, 4 December 2011 7:44 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] Some feature requests

 On 11/28/2011 04:36 PM, Steven Jones wrote:
 I can't see anything in the Gluster admin guide on connecting it to an IPA 
 setup...

 We will be working with them but it will take some time.
 Would be nice to have RFEs for those components filed.


 As for kickstart, any ipa-client invocation requires an authentication.
 You either need to do it manually or in some way add OTP to the
 kickstart file.
 At best OTP should be one per machine but you can reuse it for a group
 of machines.
 This seems to be a problem that can only be solved by the individual
 admin depending on the constraints of his environment.
 I do not think this has a generic solution.

 regards

 Steven Jones

 Technical Specialist - Linux RHCE

 Victoria University, Wellington, NZ

 0064 4 463 6272

 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
 behalf of Adam Young [ayo...@redhat.com]
 Sent: Tuesday, 29 November 2011 10:32 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] Some feature requests

 On 11/28/2011 04:16 PM, Steven Jones wrote:
 Hi,

 a) Auto setup in RH satellite to allow auto joining to freeIPA from a 
 baremetal kickstart.
 That is a Satellite, not FreeIPA, request.

 b) Setup/config (info etc) to allow a gluster system to join to IPA.
 What would a gluster system require that we do not already provide?

 Since these are all RH...shouldn't be too hard.

 ;]

 regards

 Steven Jones

 Technical Specialist - Linux RHCE

 Victoria University, Wellington, NZ

 0064 4 463 6272

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager IPA project,
 Red Hat Inc.
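
The per-machine OTP enrollment discussed in this message, sketched as an added example (not code from the thread participants or the FreeIPA project). The domain, server and host names are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one OTP per machine for unattended IPA enrollment.
IPA_DOMAIN="example.com"       # assumption: placeholder domain
IPA_SERVER="ipa.example.com"   # assumption: placeholder IPA server

# gen_otp: 24 alphanumeric characters drawn from the kernel CSPRNG.
gen_otp() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 24
}

# host_add_cmd HOST OTP: command an admin with a valid Kerberos ticket runs
# to pre-create the host entry with its enrollment password.
host_add_cmd() {
    printf 'ipa host-add %s --password=%s\n' "$1" "$2"
}

# ks_post HOST OTP: %post section for that host's kickstart file. The file
# now carries a credential, so serve it only to the machine it is meant for.
# Assumes the ipa-client package is listed in %packages.
ks_post() {
    cat <<EOF
%post
ipa-client-install --unattended --domain=$IPA_DOMAIN --server=$IPA_SERVER \\
    --hostname=$1 --password='$2'
%end
EOF
}

# reused_otps: read "host otp" lines on stdin and print any OTP that is
# assigned to more than one host (the group-reuse case).
reused_otps() {
    awk '{ n[$2]++ } END { for (o in n) if (n[o] > 1) print o }'
}

# Demo with constructed host names: print both artifacts per host.
for h in web1.example.com web2.example.com; do
    otp=$(gen_otp)
    host_add_cmd "$h" "$otp"
    ks_post "$h" "$otp"
done
```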



Re: [Freeipa-users] Some feature requests

2011-12-04 Thread Steven Jones
Hi,

The Sun SAN and the Bluecoat have multiple authentication sections, looks like 
they will query both until they get an answer, i.e. a specific AD tab and then a 
generic LDAP tab can also be configured.

Bluearc can only do one type per EVS (virtual storage server) it seems, so we 
have to designate either AD or LDAP per EVS, but we can have 64 EVSs so it's how 
we split them up.

I will do RFEs once RHEL6.2 is GA and I've sucked the Bluearc's architect's 
brain dry...

:D

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272



Re: [Freeipa-users] Some feature requests

2011-11-28 Thread Adam Young

On 11/28/2011 04:16 PM, Steven Jones wrote:

Hi,

a) Auto setup in RH satellite to allow auto joining to freeIPA from a baremetal 
kickstart.

That is a Satellite, not FreeIPA, request.

b) Setup/config (info etc) to allow a gluster system to join to IPA.

What would a gluster system require that we do not already provide?



Since these are all RH...shouldn't be too hard.

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272



Re: [Freeipa-users] Some feature requests

2011-11-28 Thread Steven Jones
I can't see anything in the Gluster admin guide on connecting it to an IPA setup...

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

