[Freeipa-users] FreeIPA, RedHat Directory Server and Centros DS

Roman Naumenko roman at naumenko.ca
Tue Nov 4 16:14:29 UTC 2014


----- Original Message -----
> On Tue, 04 Nov 2014, Roman Naumenko wrote:
> >Hi,
> >
> >
> >I'm planning to use FreeIPA to manage infrastructure resources, sudo
> >users, DNS and things like that.  But I also need an ISP-style directory
> >with multiple organizations and root DNs to control users, mainly for
> >authentication purposes. FreeIPA wouldn't be suitable for the latter, so I'm
> >looking at OpenDJ or Centos DS for that.
> >
> >
> >Could you advise what would be the most suitable product in this case?
> >And what is the difference between the RedHat and Centos versions of
> >directory servers?
> I'm not entirely understanding what you mean by 'Centos DS' here but
> let me guess.

Centos directory server. 

> FreeIPA uses 389-ds as its LDAP server. It is the same code in both RHEL
> and CentOS (and other RHEL rebuilds of the same version); there should
> be no difference at all on source level.
> 
> FreeIPA, however, adds a number of its own plugins to the directory instance
> that is used for FreeIPA purposes. These plugins are not supported
> outside of a FreeIPA deployment and they implement features we consider
> important for FreeIPA like user lockout, password changes, Kerberos keys
> integration, 2FA implementation, DNSSEC integration, etc.

All good stuff!

> You definitely can set up separate instances of 389-ds. Preferably this
> should be done on separate hosts from the IPA masters because otherwise
> you'll have a number of practical issues with different instances
> binding to the same LDAP/LDAPS ports and so on.

Is 389-ds the equivalent of RedHat Directory Server (http://www.redhat.com/en/technologies/cloud-computing/directory-server)?

--Roman



