[Freeipa-devel] FreeIPA Footprint
Rob Crittenden
rcritten at redhat.com
Thu Feb 21 14:54:04 UTC 2008
W. Michael Petullo wrote:
> I have been piecing together an authentication and authorization solution
> using Kerberos and OpenLDAP for about two years [1]. I have recently begun
> looking at FreeIPA. I may be able to help with the integration of Mac
> OS X clients into a FreeIPA-based network.
Great! We have some amount of documentation on it at
http://www.freeipa.com/page/ConfiguringOtherClients#Mac_OS_X but it
could use another set of eyes and some other enhancements. Currently it
just adds the OS X machine to the realm.
> I do have a few questions about FreeIPA, related to my interest in a
> very low-footprint solution.
>
> 1. Is there a good document on reducing the memory footprint of the Fedora
> Directory Server? On my computer, FDS / ns-slapd seems to use 500 MB of
> memory. A similar configuration using OpenLDAP / slapd used only 20 MB.
DS by default has very large caches. It is possible to tune these down.
We haven't done much IPA-specific tuning beyond creating an index for
each attribute we search on.
> 2. Is there any interest in making the Fedora IPA packages more
> fine-grained? For example, the web-based configuration tools brings in
> quite a few dependencies. Could this be split into an separate package? In
> this case, I am interested in disk space.
You raise a good point. Can you file a bug on this so it doesn't fall
thru the cracks?
I'll have to think a bit about how this would work. Separating the files
is probably fairly straightforward but what it means to have IPA w/o the
UI I'm not sure. It will require other changes so we don't configure
Apache to forward requests. Or we could just leave Apache as it is and
let it proxy things to nowhere :-)
>
> [1] http://www.redhatmagazine.com/2008/01/17/serving-apples-integrating-mac-os-x-clients-into-a-fedora-network/
I'll make sure our docs writer takes a look at this.
BTW, I saw your bug on the acutil dependency. I think you need to
install authconfig to fix this.
regards
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080221/ddf577cd/attachment.bin>
More information about the Freeipa-devel
mailing list