[Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

Steven Jones Steven.Jones at vuw.ac.nz
Wed Feb 13 23:16:08 UTC 2013


Hi,

However trusts open a whole nest of vipers...

The advantage of using winsync is you can control what happens in IPA, so if AD, say, gets hacked, anything in IPA probably will survive.

The reverse is of course also true....

;]

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
Sent: Thursday, 14 February 2013 11:24 a.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] RHEL6 IPA and Active Directory synchronisation and Solaris RBAC

On 02/13/2013 09:58 AM, Dag Wieers wrote:
> Hi,
>
> We are investigating whether IPA is an acceptable solution for our
> environment. One of the aspects that is not clear (from reading the
> documentation and testing it without AD) is whether the
> synchronization with AD can be limited to a subset.
>
>
> Since we would like to only synchronize certain user-accounts
> (conforming to a specific format) from AD unidirectionally, and we
> also want to manage functional/technical accounts on IPA, we need to
> make sure that we:
>
>  - can filter the stuff we pull from AD
>  - can avoid the synchronisation to remove other accounts managed in IPA
>
> Can someone confirm that this is possible? Is there any in-depth
> information on how this AD synchronization works (preferably about
> RHEL6 IPA)?
>
>
> Also, since we also require compatibility with Solaris, and roles
> (RBAC) are currently used on Solaris, does IPA support RBAC on
> Solaris? (We noticed that the RBAC mentioned in the IPA web interface
> only relates to IPA management).
>
>
> Thanks in advance,
If you are planning to use the latest bits from upstream, you can also
consider using trusts and PAM passthrough instead of password
synchronization.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

