[Freeipa-users] Using IPA on Two Completely Different Domains

Trevor T Kates (Services - 6) trevor.t.kates at dom.com
Thu Oct 17 14:56:18 UTC 2013 

> -----Original Message-----
> From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
> Sent: Thursday, October 17, 2013 10:50 AM
> To: Trevor T Kates (Services - 6)
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Using IPA on Two Completely Different Domains
> 
> On Thu, 17 Oct 2013, Trevor T Kates (Services - 6) wrote:
> >Greetings,
> >
> >I’m looking for some advice with respect to implementing an IPA
> >solution on two different domains. Both domains have names that are
> >completely distinct from each other and are out of my control to
> >change. I have IdM 3.0 under CentOS 6.4 supporting one domain and I’d
> >like to put together another IdM instance for the other domain. There
> >is some overlap of users between the two domains. As such, I was
> >wondering if the best solution would be to just treat the domains as
> >completely distinct and manage the IdM instances separately or if there
> >is a way to link them together such that for the users that overlap,
> >modifications only need to be made once and in one place.
> Can you put machines from both DNS domains into the same IPA domain?
> Is there a need to physically separate the information between the two?

I can. The information should not need to be separated. I was concerned due to an erroneous assumption that the different domain names would make IPA reject the hosts from the other domain.

> 
> It is OK for IPA to have machines in different DNS domains.

Thanks! I'll give it a shot.

> --
> / Alexander Bokovoy

Trevor T. Kates


CONFIDENTIALITY NOTICE:  This electronic message contains
information which may be legally confidential and/or privileged and
does not in any case represent a firm ENERGY COMMODITY bid or offer
relating thereto which binds the sender without an additional
express written confirmation to that effect.  The information is
intended solely for the individual or entity named above and access
by anyone else is unauthorized.  If you are not the intended
recipient, any disclosure, copying, distribution, or use of the
contents of this information is prohibited and may be unlawful.  If
you have received this electronic transmission in error, please
reply immediately to the sender that you have received the message
in error, and delete it.  Thank you.

More information about the Freeipa-users mailing list