[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

Dmitri Pal dpal at redhat.com
Wed Feb 13 22:24:07 UTC 2013


On 02/13/2013 09:58 AM, Dag Wieers wrote:
> Hi,
>
> We are investigating whether IPA is an acceptable solution for our
> environment. One of the aspects that is not clear (from reading the
> documentation and testing it without AD) is whether the
> synchronization with AD can be limited to a subset.
>
>
> Since we would like to only synchronize certain user-accounts
> (conforming to a specific format) from AD unidirectionally, and we
> also want to manage functional/technical accounts on IPA, we need to
> make sure that we:
>
>  - can filter the stuff we pull from AD
>  - can avoid the synchronisation to remove other accounts managed in IPA
>
> Can someone confirm that this is possible? Is there any in-depth
> information on how this AD synchronization works (preferably about
> RHEL6 IPA)?
>
>
> Also since we also require compatibility with Solaris, and roles
> (RBAC) is currently used on Solaris, does IPA support RBAC on
> Solaris? (We noticed that RBAC mentioned in the IPA web interface only
> relates to IPA management).
>
>
> Thanks in advance,
If you are planning to use the latest bits from upstream you also can
consider using trusts and PAM passthrough instead of password
synchronization.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

