[Freeipa-users] organizational units
Dmitri Pal
dpal at redhat.com
Mon Mar 16 14:30:00 UTC 2009
Natxo Asenjo wrote:
> On Fri, Feb 27, 2009 at 6:56 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
>> Natxo Asenjo wrote:
>>
>>> hi,
>>>
>>> In freeipa 1.2.1 from fedora10, is it possible to create different ou
>>> in the directory server in order to organize the directory for
>>> different branches, like, ou=europe,dc=example,dc=lcom;
>>> ou=asia,dc=example,dc=com etc. Having all users under
>>> cn=users,cn=accounts,dc=example,dc=com can be a bit disorganized.
>>>
>> Storing users in one place is on purpose. Trying to separate users by OU,
>> region, etc tends to be difficult because people move a lot, companies
>> reorganize, etc
>>
>
> ok, that's an interesting startpoint. So how will policies be
> implemented then? Excuse my asking, I guess I am a bit used to the AD
> way of coupling policies to ou's.
>
The machine related policies will be related to the policy groups.
Policy groups will be associated with groups of hosts.
http://www.freeipa.org/page/Overall_Design_of_Policy_Related_Components
http://www.freeipa.org/page/DS_Design_Summary_2
Use related policies will be looked at in later versions.
>
>>> Another question: will the webgui have a ldap browser interface? Will
>>> the ipa-admintools be able to create objects in different
>>> ou/containers in the directory?
>>>
>> There are no plans for a generic ldap browser. One of the goals is to hide
>> the implementation so we may never provide one.
>>
>
> I see. Well, I suppose one can always use any of the available ldap
> browsers if the need arises.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list