[Freeipa-users] Password pass-through to an existing LDAP server?

Simo Sorce simo at redhat.com
Thu Jun 14 17:59:53 UTC 2012


On Thu, 2012-06-14 at 09:54 -0400, Jason Riedy wrote:
> And Dmitri Pal writes:
> > Can you explain what is the reason of having local accounts
> > other than system ones?
> 
> Sorry, I didn't explain well enough.  I mean local to the
> *subnet*, not the host.  I don't want them in /etc/passwd.
> Nor do I want all global users defined by default, although
> that's less important.
> 
> That's what OpenLDAP's pass-through mechanism accomplishes.
> I'd declare the local users in the subnet's LDAP server and set
> their passwords to direct to another LDAP server.  Does FreeIPA
> have a similar facility?

The underlying 389ds has a way to do that, but we do not expose it in
IPA as it would make little sense there.

That said we have plans to allow having 'branch office replicas' where
only a subset of users is replicated to that branch replica. But these
are future plans; it will take a few minor versions after 3.0 at least.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



