[Freeipa-users] Multi-tennancy and Freeipa
Dmitri Pal
dpal at redhat.com
Wed Sep 14 15:36:02 UTC 2011
Can Freeipa accommodate a mufti-tennant environment? i.e. I work for
a managed service provider that currently uses LDAP for authentication
for both our users and our customer's users. But Customer A cannot
see Customer B's data due to access control on our directory. Each
customer has at least one LDAP service account in their container in
the tree that can only view that customer's container and my company
container.
Would we have to do something like create realms for each customer?
Then configure trusts from customer realm to ours?
EXAMPLE.COM - our realm
CUSTOMERA.EXAMPLE.COM - customer a realm
... so on
What about data within the directory? Currently our DIT is like:
o=MyCompany,dc=example,dc=com
o=CustomerA,dc=excample,dc=com
Would seperating by realms automatically divide that up? What about
would Customer A be able to see any Customer B users using multiple
realms alone or would we have to take additional precautions?
Regards,
-Alan
============================
Posted on behalf of Alan
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list