[Freeipa-users] Free IPA and Google Apps
Simo Sorce
simo at redhat.com
Tue May 20 20:33:51 UTC 2014
On Tue, 2014-05-20 at 13:33 -0500, Chris Whittle wrote:
> Awesome... Can ipsilon be installed on the same server as FreeIPA?
It should be possible, although I always used a separate server for my
tests.
Btw, use at least version 0.2.4, there are important bugs fixed there,
although not all of the known ones are, I am planning 0.2.5 in a few
days :-)
Simo.
> On Mon, May 19, 2014 at 7:16 AM, Simo Sorce <simo at redhat.com> wrote:
>
> > On Sun, 2014-05-18 at 20:40 -0500, Chris Whittle wrote:
> > > Anything new on ipsilon?
> >
> > I released 0.2.3: https://fedorahosted.org/ipsilon/
> >
> > It is still a bit rough on the edges, but can be used.
> >
> > Simo.
> >
> > > On Fri, Apr 25, 2014 at 9:18 AM, Simo Sorce <simo at redhat.com> wrote:
> > >
> > > > On Fri, 2014-04-25 at 10:00 -0400, Dmitri Pal wrote:
> > > > > On 04/25/2014 09:51 AM, Simo Sorce wrote:
> > > > > > On Fri, 2014-04-25 at 09:29 -0400, Dmitri Pal wrote:
> > > > > >> On 04/25/2014 08:39 AM, Simo Sorce wrote:
> > > > > >>> On Fri, 2014-04-25 at 07:27 -0500, Chris Whittle wrote:
> > > > > >>>> Thanks Martin, I found a few notes on FreeIPA and GADS but most
> > > > were people
> > > > > >>>> saying not to do it on principal but nothing saying if it's
> > > > possible or not.
> > > > > >>>>
> > > > > >>>> I like the SAML option, including the mysterious ipsilon (Is
> > there
> > > > anything
> > > > > >>>> more than the git repo yet?), but wonder how much control it
> > has.
> > > > > >>> At the moment no control at all.
> > > > > >>>
> > > > > >>>> Does it just allow them to SSO using their LDAP credentials?
> > > > > >>> Yes.
> > > > > >>>
> > > > > >>>> If I disable a user in LDAP does it only recognize that only
> > during
> > > > login
> > > > > >>>> or is it smart enough to kill their Google Apps sessions and
> > make
> > > > them
> > > > > >>>> login again?
> > > > > >>> At the moment no, in future, perhaps we can develop a plugin that
> > > > will
> > > > > >>> call a SSO logout to the remote applications the user logged
> > into,
> > > > but
> > > > > >>> this will require the server to be more stateful. This feature
> > is not
> > > > > >>> available in the current code.
> > > > > >>>
> > > > > >>> Simo.
> > > > > >>>
> > > > > >>>
> > > > > >>> _______________________________________________
> > > > > >>> Freeipa-users mailing list
> > > > > >>> Freeipa-users at redhat.com
> > > > > >>> https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > >>
> > > > > >> Simo, how much Ipsilon is ready for a POC like this?
> > > > > >> I understand it is probably somewhere between alpha and beta
> > quality
> > > > but
> > > > > >> it might be a good exercise to try to set it up for a real use
> > case.
> > > > > >> What do you think?
> > > > > > It can be tried, but I need to write some documentation on how to
> > set
> > > > it
> > > > > > up first :-)
> > > > > >
> > > > > > Simo.
> > > > > >
> > > > > Hint-hint, nudge-nudge :-)
> > > >
> > > > I know, I know.
> > > > I got done with lasso and mod_auth_mellon patches, now I can go back to
> > > > Ipsilon.
> > > >
> > > > If Jan gives me the go, I will cut a first release and start writing
> > > > instruction, file for Fedora packages and all that
> > > >
> > > > Simo.
> > > >
> > > >
> > > > --
> > > > Simo Sorce * Red Hat, Inc * New York
> > > >
> > > > _______________________________________________
> > > > Freeipa-users mailing list
> > > > Freeipa-users at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > >
> >
> >
> > --
> > Simo Sorce * Red Hat, Inc * New York
> >
> >
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list