[Freeipa-users] hesitate to deploy freeipa
Thomas Sailer
t.sailer at alumni.ethz.ch
Thu Jun 25 18:12:22 UTC 2015
Am 25.06.2015 um 17:47 schrieb Simo Sorce:
> Yes, the whole project is complex, but not because we like complexity,
> it is complex because the problem space is complex and we are bound to
> use existing protocols, which sometimes add in complexity, and we want
> to offer useful features to admins, so they can think about managing
> stuff and not about the plumbing all the time.
Sure, the problem space is a lot more complex than say ls.
But I think there is room for improvement, by making the individual
tools somewhat more resilient to unexpected behaviour in other components.
For example, if there's any nsuniqueid group present in a users entry,
login authentication via sssd breaks with a cryptic error message. It
would be nice, IMO, if it didn't break or if it at least issued a better
error message.
Furthermore, a good graphical generic LDAP editor would make the admin's
life significantly easier, IMO. I so far haven't found one. There's gq,
which works, mostly, but crashes relatively frequently. I'm mostly using
ldapvi now, which works quite well but only after studying its manual.
Thomas
More information about the Freeipa-users
mailing list