[Freeipa-users] Using 389-console with FreeIPA 3
Rich Megginson
rmeggins at redhat.com
Fri Sep 5 13:28:14 UTC 2014
On 09/05/2014 03:32 AM, Sankar Ramlingam wrote:
> On 09/05/2014 02:54 AM, Andrew Krause wrote:
>> I realize this question has been brought forth previously, but I am
>> unable to find a clear answer. I have a 389-ds environment that is
>> serving as an authentication back end for a python application. The
>> plan was to use this as a kind of SSO for other future applications
>> and we have MANY users/groups/OUs and different policies involved
>> already. Since it's not really feasible to re-create everything, and
>> it will not integrate directly with FreeIPA I would like to be able
>> to import my subtree to the 389-ds instance within my new FreeIPA
>> install and manage that subtree separately from all my hosts and
>> POSIX users.
>>
>> The short question, how can I manage to get the admin console working
>> with the 389-ds that is included in FreeIPA?
> Hi Andrew,
> I assume you are running FreeIPA server on Fedora19/20 or above.
> If that assumption is correct, then you can do "yum install 389-ds
> 389-admin-console idm-console-framework". All versions of fedora has
> these packages by default.
Actually, just "yum install 389-console" installs the console.
However, that is not sufficient. You will need a "configuration
directory server", which has been configured with the o=NetscapeRoot
tree, among other things. You will need to install the 389-admin
package on the machines that have 389-ds-base installed. You will need
to run the register-ds-admin.pl script to create your configuration ds
and to register directory servers with the config ds. And, since we do
not test this at all, there is no guarantee that it will not break your
IPA deployment, so be sure to backup/snapshot/etc. before going down
this road.
>
> Thanks,
> -Sankar R
>>
>> I'd really like to use FreeIPA for all my host based authentication,
>> but it becomes a non-option if we have to run multiple directory
>> clusters.
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140905/91dbf5aa/attachment.htm>
More information about the Freeipa-users
mailing list