[Freeipa-users] Questions about FreeIPA vs 389DS

Dmitri Pal dpal at redhat.com
Thu Sep 13 22:43:32 UTC 2012 

On 09/13/2012 10:57 AM, Rich Megginson wrote:
> On 09/13/2012 07:01 AM, mailing lists wrote:
>> Hello all,
>>
>>   It is difficult for newcomers to cope with all this 389DS/FreeIPA
>> stuff, after reading the project documentation and several mail
>> messages in the archives I still have some unanswered questions so I
>> would be very grateful if list members could answer the following
>> doubts.
>>
>> I need use services in an Active Directory environment and the
>> WinSync solution has important limitations, the MODRDN operation is
>> not handled correctly losing the relation with AD objects (it delete
>> and add the entry so a new SID and GUID is assigned),
>
> What version of 389-ds-base are you using?
>
>> the upcoming "IPAv3 Trust" feature seems very promising because AFAIK
>> no sinchronization is necessary, but by using IPA it seems very
>> restrictive to support current applications which need a LDAP
>> hierarchical tree, custom schema with custom objectclassess and
>> attributes, custom ACLs for applications...... I know about Directory
>> Server virtual views, but I'm worried about the consequences of low
>> level manipulation of the FreeIPA Directory Server instance.
>>
>> So how others are solving this paradox?
>> they run  389DS with (fractional) replication towards (or from)
>> FreeIPA 389DS?
>> they add custom schemas to FreeIPA 389DS?
>> the do low level manipulation of FreeIPA 389DS for ACLs, plugin
>> activation, ...?
>> what about upgrades after this modifications were done?

If you need this level of flexibility and customization 389 DS is
probably better for you than IPA.
It seems that you want to do a lot of "do it yourself" things. IPA is
more about "use as is with minor tweaks so that you do not need to do it
yourself".

>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list