[Freeipa-users] 389-ds and AD integration questions

Prashanth Sundaram psundaram at wgen.net
Mon Sep 21 15:28:51 UTC 2009


Dear FreeIPA community,

I have a bunch of requirements that I am looking for from ipa-server.
Please clarify if these are possible.

Background: We are planning to deploy 389-ds (formerly Fedora DS) as our core
LDAP server in a Multi-Master Replication scenario. We will be having a set of
slave servers to cater to different locations. We want to integrate password
authentication with MS Active Directory. 389-DS offers the PAM Pass-thru plugin,
but it has been quite difficult to configure the parameters and Kerberos to
get that working. Some of the features I am looking for are:

1. Easy setup of PAM Pass-thru, where 389-ds queries Active Directory
for the password.
2. Syncing new users automatically between AD and 389-ds, including UNIX
attributes in AD (after installing SFU 3.5). Though the Windows Sync agreement
does it, we are looking for finer control over the OU's and
objectclass/attributes imported.
3. Password change in the Unix world reflected on AD.
4. Netgroups, adding hosts to the Directory server and having an inventory
with hostname and IP address and/or performing basic host tasks.
5. Create ACI's such that the support team has access only to create LDAP
accounts and update group memberships.
6. How easy is it going to be if upgraded from 1.2.2 to 2.0? Any
issues anticipated?

I am still going through the vast Admin Guide, release notes, and user config
guide to get these answers and know more. Also let me know if it is worth
waiting till 2.0.

Thanks,
Prashanth

