[Freeipa-users] Extending IPA schema for Federation services.

Steven Jones Steven.Jones at vuw.ac.nz
Mon Mar 19 19:58:58 UTC 2012


Hi,

I'm starting from scratch here so bear with me......i.e. I don't know a lot of this....which should be obvious....

Extending easy? Oh, because it doesn't strike me as easy......

:/

Initially I am about to build our production IPA servers.  These attributes are a requirement of the Federation system New Zealand wants to use and is probably the same for Australia. So I think the schema has to be done/extended for IPA to be viable in tertiary institutions in NZ; without it not many, if anyone, will use IPA, they will stay with OpenLDAP.  So each person should have these I think.....they may not be used initially but once extended initially then I don't have to extend the schema later.

What connects to these is an apache/tomcat front end. There are two aspects/functions to this, the IdP and the SdP.  The IdP allows remote tertiary organisations to query us and say our user is we legit....they then use their LDAP to provide resources via the SdP.  So the IdP provides an identity to remote ppl and the SdP provides access to a resource at our end. Later I expect we will have to do the SdP bit for our high performance cluster and storage...

It may be a year or more before we actually use this, but it strikes me as sensible that these are done on initial build.....I will put in a RH support case for this.   We will probably also pull the actual fields/contents out of AD.....not sure yet.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Tuesday, 20 March 2012 2:55 a.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Extending IPA schema for Federation services.

Steven Jones wrote:
> Hi,
>
>
> Is it possible to expand IPA's schema to do this?

Adding the schema is easy, doing something with it is where things get
interesting. What do you want to do with these attributes/objectclasses?

rob



