[Freeipa-users] migrate from LDAP to FreeIPA ?
Jan-Frode Myklebust
janfrode at tanso.net
Mon Apr 4 08:12:26 UTC 2011
On Fri, Mar 25, 2011 at 05:14:02PM -0400, Rob Crittenden wrote:
>
> Shouldn't be too bad. Here is our beta documentation on migration:
>
> http://obriend.fedorapeople.org/freeIPA2.0/Identity_and_Policy_Management_Guide/html-single/#chap-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA
Ok, good, that looks like it should cover the bulk of our migration.
The other problems I'm looking at are probably more of design issues.
Are there a deployment guide somewhere as well ?
Currently we use netgroups for servers and users, mainly to manage who
can log in to which server trough pam_access/access.conf plus for sudo
rules. Should we continue using netgroups, or will the "user groups" and
"host groups" in IPA cover this ? Does the user groups allow nesting of
posix groups ? I.e. user1 is member of group1 which automatically make him
member of group2 and group3?
Some guides for configuring roles/privileges would be very interesting.
We want to have "group admins" who are allowed to add/remove members of
the groups this admin admins... Also we might want to allow team leaders
to add new users..
Oh.. and are there any training available/planned for IPA (v2)?
-jf
More information about the Freeipa-users
mailing list