[Freeipa-users] Recomendations on multi-domain environments
Arturo Borrero
aborrero at cica.es
Wed Sep 18 11:40:16 UTC 2013
Hi there!
This is my situation.
I have some users of my main domain "cica.es".
But I also maintain a database of users of others domain, ie "example.es".
I can apply most of FreeIPA configuration to "cica.es" users: access to
hosts, groups, policies, roles, etc..
But users of "example.es" are dummy users, who just have an LDAP account
in order to use virtual mailboxes in Postfix/Dovecot.
Do anyone have any advice on how handle this situation?
I see some options:
* create a second FreeIPA server, each to handle his own domain.
* get the main FreeIPA server to handle two complete different LDAP
tree (with different root DNs, don't know if possible).
* integrate "example.es" users into specific groups, "prefix" or
something each group and user.
We are talking of about 2k users in total (main domain + secondary
domain). In addition, there is the possibility to have more than two
domains.
How FreeIPA handles this multi-domain environment?
Best regards.
--
Arturo Borrero González
Departamento de Seguridad Informática (nis at cica.es)
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3072 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130918/bf16c1bb/attachment.p7s>
More information about the Freeipa-users
mailing list