[Freeipa-users] Running a FreeIPA replica in a limited-resource environment

[Christopher Swingler]

Hello, FreeIPA list.

We're looking to start using FreeIPA to replace our standard 389 LDAP server on our public web server.

That public web server also houses a public wiki, which currently authenticates against 389. We're running FreeIPA on site in our hackerspace, but are working toward a goal of a federated login system between all of our public and internal systems.

My plan, as it stands, is to set up a VPN link between our public web server and our space, and set up a master-master replication between a FreeIPA server running onsite, and another on our public web server.

The limitation I'm currently considering is that our public web server is limited on resources - it's a VM with 1GB of RAM, on which we're already running Apache, Mediawiki, and an IRC bot. The VM is currently donated by a member. We're a little crunched on resources as it is, and I fear that spinning up a full FreeIPA replica on that system may push us over the edge of resource constraints.

Is it possible to tune FreeIPA to run with fewer resources, or replicate only the portions of it that we really need running remotely (just the LDAP server)? 

Thanks!

Christopher Swingler
CTO
South Side Hackerspace Chicago
2233 South Throop St | Unit 214 | Chicago, IL 60608

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140416/3582bf5b/attachment.htm>