[Freeipa-devel] Ubuntu interests in FreeIPA
Rob Crittenden
rcritten at redhat.com
Tue Jun 30 13:22:41 UTC 2009
Mathias Gug wrote:
> Hi,
>
> I'm part of the Ubuntu Server Team. I've been looking at the FreeIPA
> project for some time now and how it could be integrated in Ubuntu for
> the next release (Karmic scheduled October 2009). I'd like to get your
> input on my proposal.
>
> Interesting components of FreeIPA that I'd like to get integrated in Ubuntu:
>
> * sssd (there is already a work in progress to get debian packages in
> the next release (karmic)).
> * the management tools: web UI + cli + XML-RPC backend.
> * MIT kerberos.
>
> Components that I'm looking into replacing:
>
> * replace 389 Directory Server with openldap.
>
> The main reason being that the 389 Directory server is not available in
> the Ubuntu archive yet (there is a work in progress to get it included
> in Debian/Ubuntu) while openldap is already in the archive and the
> currently recommended directory solution in Ubuntu.
>
> My question is how tightly are FreeIPA and 389 Directory Server coupled?

Very tightly coupled. We rely on a number of features that I believe are
only available in 389, and have added some of our own that are
389-specific.

* Distributed Numeric Assignment (DNA) is used to automatically assign
the next uidNumber/gidNumber
* Multi-master replication to distribute users and schema. OpenLDAP has
some MMR capabilities but as I understand it uses a simpler conflict
resolution process.
* We wrote a password changing plugin that would need to be
refactored/re-written from scratch
* Not sure if password policies are handled in the same way
* Access control is completely different

So within the realm of possibility but would be quite a bit of work.
I'd guess that a good bit of the IPA installer would need to be reworked
as well.

> * different Directory Information Tree (DIT): replace with openldap-dit [1].
>
> [1]: https://launchpad.net/openldap-dit
>
> My question is how tightly are the management tools and the DIT coupled?

Very tightly coupled. Not something that couldn't be changed but it
would really be quite a fork.

>
> * deployment scripts: replace with puppet recipes/manifests.
>
> Here is my current proposal for karmic (scheduled for October 2009):
> * package SSSD.
> * package FreeIPA 1.2.1 management tools.
>
> I've got several other questions:
> * When will the refactoring of the management tools be completed?
> * Is there an updated roadmap and timeline?

No firm timeline yet but I wouldn't expect to see anything earlier than
this Fall/Autumn.

rob